Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2019-5140

An exploitable command injection vulnerability exists in the iwwebs functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file name can cause user input to be reflected in a subsequent iwsystem call, resulting in remote control over the device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.011
EPSS Ranking 77.4%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
Products affected by CVE-2019-5140


Contact Us

Shodan ® - All rights reserved