cve/CVE-2018-10702.md at 7482ec4521a75dd13882dc1283f17009c936e974

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-28 01:04:30 +00:00

0xMarcio ba290685fe Update CVE sources 2024-06-09 00:33

2024-06-09 00:33:16 +00:00

Description

An issue was discovered on Moxa AWK-3121 1.14 devices. It provides functionality so that an administrator can run scripts on the device to troubleshoot any issues. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "iw_filename" is susceptible to command injection via shell metacharacters.

POC

Reference

http://packetstormsecurity.com/files/153223/Moxa-AWK-3121-1.14-Information-Disclosure-Command-Execution.html
http://packetstormsecurity.com/files/153223/Moxa-AWK-3121-1.14-Information-Disclosure-Command-Execution.html
https://github.com/samuelhuntley/Moxa_AWK_1121/blob/master/Moxa_AWK_1121
https://github.com/samuelhuntley/Moxa_AWK_1121/blob/master/Moxa_AWK_1121

Github

https://github.com/ARPSyndicate/cvemon
https://github.com/samuelhuntley/Moxa_AWK_1121

1.2 KiB Raw Blame History

CVE-2018-10702

Description

POC

Reference

Github

1.2 KiB

Raw Blame History