First published: Tue Feb 25 2020(Updated: )
An exploitable format string vulnerability exists in the iw_console conio_writestr functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted time server entry can cause an overflow of the time server buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.
Credit: talos-cna@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Moxa AWK-3131A firmware | =1.13 | |
Moxa AWK-3131A |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-5143 is a format string vulnerability found in the iw_console conio_writestr functionality of the Moxa AWK-3131A firmware version 1.13.
CVE-2019-5143 has a severity rating of 8.8, which is considered high.
CVE-2019-5143 can result in remote code execution due to an overflow of the time server buffer.
Yes, Moxa AWK-3131A firmware version 1.13 is the only affected software.
To fix CVE-2019-5143, it is recommended to update to a patched version of the Moxa AWK-3131A firmware.