{"api_version":"1","generated_at":"2026-04-23T22:08:23+00:00","cve":"CVE-2019-5142","urls":{"html":"https://cve.report/CVE-2019-5142","api":"https://cve.report/api/cve/CVE-2019-5142.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2019-5142","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2019-5142"},"summary":{"title":"CVE-2019-5142","description":"An exploitable command injection vulnerability exists in the hostname functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted entry to network configuration information can cause execution of arbitrary system commands, resulting in full control of the device. An attacker can send various authenticated requests to trigger this vulnerability.","state":"PUBLIC","assigner":"talos-cna@cisco.com","published_at":"2020-02-25 16:15:00","updated_at":"2022-06-13 20:14:00"},"problem_types":["CWE-78"],"metrics":[],"references":[{"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2019-0931","name":"https://talosintelligence.com/vulnerability_reports/TALOS-2019-0931","refsource":"MISC","tags":["Exploit","Technical Description","Third Party Advisory"],"title":"TALOS-2019-0931 ||  Cisco Talos Intelligence Group - Comprehensive Threat Intelligence","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2019-5142","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-5142","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2019","cve_id":"5142","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"moxa","cpe5":"awk-3131a","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"5142","vulnerable":"0","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"moxa","cpe5":"awk-3131a","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"5142","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"moxa","cpe5":"awk-3131a_firmware","cpe6":"1.13","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"5142","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"moxa","cpe5":"awk-3131a_firmware","cpe6":"1.13","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2019-5142","qid":"591341","title":"Moxa AWK-3131A Series Multiple Vulnerabilities (MPSA-200203)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2019-5142","ASSIGNER":"talos-cna@cisco.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"Moxa","version":{"version_data":[{"version_value":"Moxa AWK-3131A Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client version 1.13"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://talosintelligence.com/vulnerability_reports/TALOS-2019-0931","url":"https://talosintelligence.com/vulnerability_reports/TALOS-2019-0931"}]},"description":{"description_data":[{"lang":"eng","value":"An exploitable command injection vulnerability exists in the hostname functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted entry to network configuration information can cause execution of arbitrary system commands, resulting in full control of the device. An attacker can send various authenticated requests to trigger this vulnerability."}]},"impact":{"cvss":{"baseScore":7.2,"baseSeverity":"High","vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","version":"3.0"}}},"nvd":{"publishedDate":"2020-02-25 16:15:00","lastModifiedDate":"2022-06-13 20:14:00","problem_types":["CWE-78"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.2,"baseSeverity":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:C/I:C/A:C","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":9},"severity":"HIGH","exploitabilityScore":8,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:moxa:awk-3131a_firmware:1.13:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:moxa:awk-3131a:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":{"CveYear":"2019","CveId":"5142","Ordinal":"142758","Title":"CVE-2019-5142","CVE":"CVE-2019-5142","Year":"2019"},"notes":[{"CveYear":"2019","CveId":"5142","Ordinal":"1","NoteData":"An exploitable command injection vulnerability exists in the hostname functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted entry to network configuration information can cause execution of arbitrary system commands, resulting in full control of the device. An attacker can send various authenticated requests to trigger this vulnerability.","Type":"Description","Title":null},{"CveYear":"2019","CveId":"5142","Ordinal":"2","NoteData":"2020-02-25","Type":"Other","Title":"Published"},{"CveYear":"2019","CveId":"5142","Ordinal":"3","NoteData":"2020-02-25","Type":"Other","Title":"Modified"}]}}}