Moxa AWK-3131A iw_console privilege escalation vulnerability

Added: 02/27/2020
CVE: CVE-2019-5136

Background

Moxa AWK-3131A is a 3-in-1 industrial wireless AP/bridge/client device.

Problem

A privilege escalation vulnerability exists in the iw_console functionality where a specially crafted menu selection string can cause an escape from the restricted console, resulting in system access as the root user.

Resolution

Contact Moxa Technical Support to get the security patch.

References

https://www.moxa.com/en/support/support/security-advisory/awk-3131a-series-industrial-ap-bridge-client-vulnerabilities

Limitations

This exploit will only work if the default admin password hasn't been changed.

Platforms

Moxa

Back to exploit index