
Technical FAQs
Question: Improper Command Injection Vulnerabilities on AWK-3131A Industrial Wireless AP/bridge/client
Question Type: Security Advisory
Updated: 4/16/2018 1:03:57 PM

Summary

On December 22nd 2017, Moxa was contacted by Cisco's Talos Security Intelligence and Research Group (Cisco Talos) regarding security vulnerabilities in Moxa's AWK-3131A Industrial Wireless AP/bridge/client. The report can be seen here:
https://talosintelligence.com/vulnerability_reports/TALOS-2017-0507
http://blog.talosintelligence.com/2018/04/vulnerability-spotlight-moxa-awk-3131a.html

The reported vulnerability for these products is as follows:

Item: 1
Vulnerability Type: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Impact: Attackers could execute unauthorized commands, which could then be used to disable the software or to read and modify data that the attacker should not have permission to access.

Affected Products and Solutions

Affected Products:
AWK-3131A using Firmware v1.9 Build 18012818 or previous firmware versions

Solutions:
Moxa has addressed these vulnerabilities and released new firmware for the AWK-3131A Series. You can download it from this link: https://www.moxa.com/support/sarch_result.aspx?type=soft&prod_id=3103&type_id=4

Revision History

Version: 1.0
Description: First release
Release Date: April 13, 2018