An exploitable OS Command Injection vulnerability exists in the Telnet, SSH, and console login functionality of Moxa AWK-3131A Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client in firmware versions 1.4 to 1.7 (current). An attacker can inject commands via the username parameter of several services (SSH, Telnet, console), resulting in remote, unauthenticated, root-level operating system command execution.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HMoxa Awk 3131a
HWMoxawszystkie wersjeMoxa Awk 3131a Firmware
OSMoxa1.41.51.61.7
Related vulnerabilities
An exploitable command injection vulnerability exists in encrypted diagnostic script functionality of the Moxa...
An exploitable Use of Hard-coded Credentials vulnerability exists in the Moxa AWK-3131A Wireless Access Point ...
An exploitable OS Command Injection vulnerability exists in the web application 'ping' functionality of Moxa A...
An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-52...
An exploitable privilege escalation vulnerability exists in the iw_console functionality of the Moxa AWK-3131A...