CVE-2021-39279

Published: Sep 7, 2021Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Certain MOXA devices allow Authenticated Command Injection via /forms/web_importTFTP. This affects WAC-2004 1.7, WAC-1001 2.1, WAC-1001-T 2.1, OnCell G3470A-LTE-EU 1.7, OnCell G3470A-LTE-EU-T 1.7, TAP-323-EU-CT-T 1.3, TAP-323-US-CT-T 1.3, TAP-323-JP-CT-T 1.3, WDR-3124A-EU 2.3, WDR-3124A-EU-T 2.3, WDR-3124A-US 2.3, and WDR-3124A-US-T 2.3.

Affected (12)

Products: Moxa: Wac 2004 Firmware, Wac 1001 Firmware, Wac 1001 T Firmware, Oncell G3470a Lte Eu Firmware, Oncell G3470a Lte Eu T Firmware, Tap 323 Eu Ct T Firmware, Tap 323 Us Ct T Firmware, Tap 323 Jp Ct T Firmware, Wdr 3124a Eu Firmware, Wdr 3124a Eu T Firmware, Wdr 3124a Us Firmware, Wdr 3124a Us T Firmware

12 products

Oncell G3470a Lte Eu Firmware

Oncell G3470a Lte Eu T Firmware

Tap 323 Eu Ct T Firmware

Tap 323 Us Ct T Firmware

Tap 323 Jp Ct T Firmware

Wdr 3124a Eu Firmware

Wdr 3124a Eu T Firmware

Wdr 3124a Us Firmware

Wdr 3124a Us T Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Moxa Wac 2004 Firmware	Version 1.7

Running on/with	Platform Versions
Moxa Wac 2004	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Moxa Wac 1001 Firmware	Version 2.1

Running on/with	Platform Versions
Moxa Wac 1001	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Moxa Wac 1001 T Firmware	Version 2.1

Running on/with	Platform Versions
Moxa Wac 1001 T	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Moxa Oncell G3470a Lte Eu Firmware	Version 1.7

Running on/with	Platform Versions
Moxa Oncell G3470a Lte Eu	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Moxa Oncell G3470a Lte Eu T Firmware	Version 1.7

Running on/with	Platform Versions
Moxa Oncell G3470a Lte Eu T	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Moxa Tap 323 Eu Ct T Firmware	Version 1.3

Running on/with	Platform Versions
Moxa Tap 323 Eu Ct T	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Moxa Tap 323 Us Ct T Firmware	Version 1.3

Running on/with	Platform Versions
Moxa Tap 323 Us Ct T	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Moxa Tap 323 Jp Ct T Firmware	Version 1.3

Running on/with	Platform Versions
Moxa Tap 323 Jp Ct T	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Moxa Wdr 3124a Eu Firmware	Version 2.3

Running on/with	Platform Versions
Moxa Wdr 3124a Eu	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Moxa Wdr 3124a Eu T Firmware	Version 2.3

Running on/with	Platform Versions
Moxa Wdr 3124a Eu T	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Moxa Wdr 3124a Us Firmware	Version 2.3

Running on/with	Platform Versions
Moxa Wdr 3124a Us	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Moxa Wdr 3124a Us T Firmware	Version 2.3

Running on/with	Platform Versions
Moxa Wdr 3124a Us T	All versions

Related CWEs

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (3)

https://www.moxa.com

Source: cve@mitre.org

Vendor Advisory

https://packetstormsecurity.com/files/164014

Source: nvd@nist.gov

ExploitThird Party AdvisoryVDB Entry

https://www.moxa.com

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.