CalvinBackup/CVEs-PoC
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2026-05-24 11:44:02 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
c8d0b27a95da01ac2a8d3d5e884ef1c77259d7be
CVEs-PoC/2017/CVE-2017-14459.md
T
0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09
2025-09-29 21:09:30 +02:00

18 lines
1.3 KiB
Markdown
Raw Blame History

### [CVE-2017-14459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14459)
![](https://img.shields.io/static/v1?label=Product&message=Moxa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=Moxa%20AWK-3131A%20Industrial%20IEEE%20802.11a%2Fb%2Fg%2Fn%20wireless%20AP%2Fbridge%2Fclient%20versions%201.4%20-%201.9.%20In%20addition%2C%20versions%20prior%20to%201.4%20appear%20similarly%20vulnerable%20to%20injection%2C%20but%20not%20as%20easily%20exploitable%20(described%20below).%20Other%20models%20in%20the%20AWK%20product%20line%20may%20likewise%20be%20vulnerable%20but%20have%20not%20been%20tested.%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=remote%20code%20execution&color=brightgreen)
### Description
An exploitable OS Command Injection vulnerability exists in the Telnet, SSH, and console login functionality of Moxa AWK-3131A Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client in firmware versions 1.4 to 1.7 (current). An attacker can inject commands via the username parameter of several services (SSH, Telnet, console), resulting in remote, unauthenticated, root-level operating system command execution.
### POC
#### Reference
- https://talosintelligence.com/vulnerability_reports/TALOS-2017-0507
#### Github
No PoCs found on GitHub currently.
Reference in New Issue View Git Blame Copy Permalink