← volver
CVE-2019-5162

CVE-2019-5162

CVSS 9.9 CRITICALEPSS 2.7%CWE-284
Vexday Risk Score
28Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 9.9EPSS 2.7%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
25 feb 2020Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
An exploitable improper access control vulnerability exists in the iw_webs account settings functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the device as that user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Productos afectados
n/a · Moxa

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0955