Description
An exploitable OS Command Injection vulnerability exists in the web application 'ping' functionality of Moxa AWK-3131A Wireless Access Points running firmware 1.1. Specially crafted web form input can cause an OS Command Injection resulting in complete compromise of the vulnerable device. An attacker can exploit this vulnerability remotely.
References (1)
Core 1
Core References
Exploit, Technical Description, Third Party Advisory, VDB Entry x_refsource_misc
http://www.talosintelligence.com/reports/TALOS-2016-0235/
Scores
CVSS v3
9.1
EPSS
0.0100
EPSS Percentile
77.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (2)
moxa/awk-3131a_firmware
1.1
Moxa/Moxa AWK-3131A WAP
1.1 Build 15122211
Published
Apr 20, 2017
Tracked Since
Feb 18, 2026