N/A

An issue was discovered on Moxa AWK-3121 1.14 devices. The Moxa AWK 3121 provides certfile upload functionality so that an administrator can upload a certificate file used for connecting to the wireless network. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "iw_privatePass" is susceptible to this injection. By crafting a packet that contains shell metacharacters, it is possible for an attacker to execute the attack.

N/A

N/A

Moxa AWK-3121 命令操作系统命令注入漏洞

Moxa AWK-3121是中国台湾摩莎（Moxa）公司的一款工业级无线访问接入点。 Moxa AWK-3121 1.14版本中的‘iw_privatePass’参数存在命令操作系统命令注入漏洞。该漏洞源于外部输入数据构造可执行命令过程中，网络系统或产品未正确过滤其中的特殊元素。攻击者可利用该漏洞执行非法命令。

N/A

N/A