CVE-2018-10702: OS Command Injection
First published: Fri Jun 07 2019(Updated: )
An issue was discovered on Moxa AWK-3121 1.14 devices. It provides functionality so that an administrator can run scripts on the device to troubleshoot any issues. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "iw_filename" is susceptible to command injection via shell metacharacters.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Moxa Awk-3121 Firmware | =1.14 | |
| Moxa AWK-3121 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-10702?
CVE-2018-10702 has a high severity rating due to the potential for remote command execution.
How do I fix CVE-2018-10702?
To fix CVE-2018-10702, upgrade the Moxa AWK-3121 firmware to the latest version that addresses this vulnerability.
What types of devices are affected by CVE-2018-10702?
CVE-2018-10702 specifically affects Moxa AWK-3121 devices running firmware version 1.14.
What impact does CVE-2018-10702 have on affected devices?
CVE-2018-10702 allows attackers to execute arbitrary commands on vulnerable Moxa AWK-3121 devices.
Can CVE-2018-10702 be exploited remotely?
Yes, CVE-2018-10702 can be exploited remotely without requiring physical access to the affected device.
- collector/nvd-index
- agent/weakness
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/severity
- agent/references
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- vendor/moxa
- canonical/moxa awk-3121 firmware
- version/moxa awk-3121 firmware/1.14
- canonical/moxa awk-3121