Sign-up

ID

VAR-202002-0365


CVE

CVE-2019-5162


TITLE

Moxa AWK-3131A Privilege management vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2019-014689

DESCRIPTION

An exploitable improper access control vulnerability exists in the iw_webs account settings functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the device as that user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. Moxa AWK-3131A There is a permission management vulnerability in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Moxa AWK-3131A is a wireless access device from Moxa. The vulnerability stems from a network system or product that did not properly restrict access to resources from unauthorized roles. No detailed vulnerability details are provided at this time

Trust: 2.16

sources: NVD: CVE-2019-5162 // JVNDB: JVNDB-2019-014689 // CNVD: CNVD-2020-13493

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-13493

AFFECTED PRODUCTS

vendor:moxamodel:awk-3131ascope:eqversion:1.13

Trust: 2.4

sources: CNVD: CNVD-2020-13493 // JVNDB: JVNDB-2019-014689 // NVD: CVE-2019-5162

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-5162
value: HIGH

Trust: 1.0

talos-cna@cisco.com: CVE-2019-5162
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2019-014689
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-13493
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202002-1114
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-5162
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-014689
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-13493
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-5162
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

talos-cna@cisco.com: CVE-2019-5162
baseSeverity: CRITICAL
baseScore: 9.9
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.1
impactScore: 6.0
version: 3.0

Trust: 1.0

NVD: JVNDB-2019-014689
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-13493 // JVNDB: JVNDB-2019-014689 // CNNVD: CNNVD-202002-1114 // NVD: CVE-2019-5162 // NVD: CVE-2019-5162

PROBLEMTYPE DATA

problemtype:CWE-284

Trust: 1.0

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-269

Trust: 0.8

sources: JVNDB: JVNDB-2019-014689 // NVD: CVE-2019-5162

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202002-1114

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202002-1114

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-014689

PATCH
title:AWK-3131A Seriesurl:https://www.moxa.com/en/products/industrial-network-infrastructure/wireless-ap-bridge-client/wlan-ap-bridge-client/awk-3131a-series
Trust: 0.8
title:Patch for Moxa AWK-3131A iw_webs Account Setting Function Access Control Error Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/204819
Trust: 0.6
title:Moxa AWK-3131A iw_webs Account Settings Function Access Control Error Vulnerability Fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110780
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-13493 // 
            
            
            
            JVNDB: JVNDB-2019-014689 // 
            
            
            
            CNNVD: CNNVD-202002-1114

EXTERNAL IDS
db:TALOSid:TALOS-2019-0955
Trust: 3.0
db:NVDid:CVE-2019-5162
Trust: 3.0
db:ICS CERTid:ICSA-20-063-04
Trust: 1.4
db:JVNDBid:JVNDB-2019-014689
Trust: 0.8
db:CNVDid:CNVD-2020-13493
Trust: 0.6
db:AUSCERTid:ESB-2020.0781
Trust: 0.6
db:CNNVDid:CNNVD-202002-1114
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-13493 // 
            
            
            
            JVNDB: JVNDB-2019-014689 // 
            
            
            
            CNNVD: CNNVD-202002-1114 // 
            
            
            
            NVD: CVE-2019-5162

REFERENCES
url:https://talosintelligence.com/vulnerability_reports/talos-2019-0955
Trust: 3.0
url:https://www.us-cert.gov/ics/advisories/icsa-20-063-04
Trust: 1.4
url:https://nvd.nist.gov/vuln/detail/cve-2019-5162
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5162
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2020.0781/
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-13493 // 
            
            
            
            JVNDB: JVNDB-2019-014689 // 
            
            
            
            CNNVD: CNNVD-202002-1114 // 
            
            
            
            NVD: CVE-2019-5162

SOURCES
db:CNVDid:CNVD-2020-13493
db:JVNDBid:JVNDB-2019-014689
db:CNNVDid:CNNVD-202002-1114
db:NVDid:CVE-2019-5162

LAST UPDATE DATE
2024-11-23T22:05:48.381000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-13493date:2020-02-26T00:00:00
db:JVNDBid:JVNDB-2019-014689date:2020-03-26T00:00:00
db:CNNVDid:CNNVD-202002-1114date:2022-04-20T00:00:00
db:NVDid:CVE-2019-5162date:2024-11-21T04:44:28.120

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-13493date:2020-02-26T00:00:00
db:JVNDBid:JVNDB-2019-014689date:2020-03-09T00:00:00
db:CNNVDid:CNNVD-202002-1114date:2020-02-24T00:00:00
db:NVDid:CVE-2019-5162date:2020-02-25T16:15:11.030