An exploitable authentication bypass vulnerability exists in the hostname processing of the Moxa AWK-3131A firmware version 1.13. A…
talos·CWE-288·Published 2020-02-25
An exploitable authentication bypass vulnerability exists in the hostname processing of the Moxa AWK-3131A firmware version 1.13. A specially configured device hostname can cause the device to interpret select remote traffic as local traffic, resulting in a bypass of web authentication. An attacker can send authenticated SNMP requests to trigger this vulnerability.
An exploitable authentication bypass vulnerability exists in the hostname processing of the Moxa AWK-3131A firmware version 1.13. A specially configured device hostname can cause the device to interpret select remote traffic as local traffic, resulting in a bypass of web authentication. An attacker can send authenticated SNMP requests to trigger this vulnerability.
Se presenta una vulnerabilidad de omisión de autenticación explotable en el procesamiento del hostname de Moxa AWK-3131A versión de firmware 1.13. Un hostname de dispositivo especialmente configurado puede causar que el dispositivo interprete el tráfico remoto seleccionado como tráfico local, resultando en la omisión de la autenticación web. Un atacante puede enviar peticiones SNMP autenticadas para desencadenar esta vulnerabilidad.
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 6.5 | 8.0 | 6.4 | AV:N/AC:L/Au:S/C:P/I:P/A:P |
| 3.0 | Primary | cve.org | 8.0 | — | — | CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H |
| 3.0 | Primary | cve.org | 8.0 | — | — | CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H |
| 3.0 | Secondary | NVD | 8.0 | 1.3 | 6.0 | CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H |
| 3.1 | Primary | NVD | 7.2 | 1.2 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |