CVE-2019-5143
25.02.2020, 16:15
An exploitable format string vulnerability exists in the iw_console conio_writestr functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted time server entry can cause an overflow of the time server buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.
| Vendor | Product | Version |
|---|---|---|
| moxa | awk-3131a_firmware | 1.13 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.
- CWE-134 - Use of Externally-Controlled Format StringThe software uses a function that accepts a format string as an argument, but the format string originates from an external source.