CVE-2018-10700

Published: Jun 7, 2019Modified: Nov 21, 2024

6.1

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

An issue was discovered on Moxa AWK-3121 1.19 devices. It provides functionality so that an administrator can change the name of the device. However, the same functionality allows an attacker to execute XSS by injecting an XSS payload. The POST parameter "iw_board_deviceName" is susceptible to this injection.

Affected (1)

Products: Moxa: Awk 3121 Firmware

1 product

Awk 3121 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Moxa Awk 3121 Firmware	Version 1.19

Running on/with	Platform Versions
Moxa Awk 3121	All versions

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (6)

http://packetstormsecurity.com/files/153223/Moxa-AWK-3121-1.14-Information-Disclosure-Command-Execution.html

Source: cve@mitre.org

https://github.com/samuelhuntley/Moxa_AWK_1121/blob/master/Moxa_AWK_1121

Source: cve@mitre.org

ExploitThird Party Advisory

https://seclists.org/bugtraq/2019/Jun/8

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://packetstormsecurity.com/files/153223/Moxa-AWK-3121-1.14-Information-Disclosure-Command-Execution.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/samuelhuntley/Moxa_AWK_1121/blob/master/Moxa_AWK_1121

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://seclists.org/bugtraq/2019/Jun/8

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

Timeline

No history available yet.