CVE-2019-5148
25.02.2020, 16:15
An exploitable denial-of-service vulnerability exists in ServiceAgent functionality of the Moxa AWK-3131A, firmware version 1.13. A specially crafted packet can cause an integer underflow, triggering a large memcpy that will access unmapped or out-of-bounds memory. An attacker can send this packet while unauthenticated to trigger this vulnerability.
| Vendor | Product | Version |
|---|---|---|
| moxa | awk-3131a_firmware | 1.13 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-125 - Out-of-bounds ReadThe software reads data past the end, or before the beginning, of the intended buffer.
- CWE-191 - Integer Underflow (Wrap or Wraparound)The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.