← Volver a CVEs
CVE-2018-10696
N/ADescripcion
An issue was discovered on Moxa AWK-3121 1.14 devices. The device provides a web interface to allow an administrator to manage the device. However, this interface is not protected against CSRF attacks, which allows an attacker to trick an administrator into executing actions without his/her knowledge, as demonstrated by the forms/iw_webSetParameters and forms/webSetMainRestart URIs.
Detalles CVE
Puntuacion CVSS v3.1N/A
Publicado6/7/2019
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
moxa:awk-3121moxa:awk-3121_firmware
Debilidades (CWE)
CWE-352
Referencias
http://packetstormsecurity.com/files/153223/Moxa-AWK-3121-1.14-Information-Disclosure-Command-Execution.html(cve@mitre.org)
https://seclists.org/bugtraq/2019/Jun/8(cve@mitre.org)
http://packetstormsecurity.com/files/153223/Moxa-AWK-3121-1.14-Information-Disclosure-Command-Execution.html(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/samuelhuntley/Moxa_AWK_1121/blob/master/Moxa_AWK_1121(af854a3a-2127-422b-91ae-364da2661108)
https://seclists.org/bugtraq/2019/Jun/8(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.