A decade of vulnerabilities in a wireless network device made by Moxa, an industrial networking, computer and automation provider from Taiwan have been identified by Cisco’s Talos intelligence and research group.
According to Monday’s advisories, both by Moxa and by Talos, 12 vulnerabilities are affecting AWK-3131A industrial AP / bridge / client devices that can be exploited for malicious activity in an attack on the industrial systems of an organisation.
All vulnerabilities were classified as critical or serious. Attackers can be used to scale up root privileges, decrypt traffic using hard-coded encryption keys, use inject commands and remotely control your device, run custom scripts on a device, execute arbitrary code remotely, cause denial-of-service (DoS) and gain remote access.
While in the majority of cases exploitation requires low-privileged authentication, an unauthenticated attacker may exploit some of the weaknesses.
In October and November 2019, vulnerabilities were reported to Moxa, and on February 24, the seller announced patches available.
While Moxa has quickly repaired these defects, the company was not always quick to address vulnerabilities. In December, the company urged customers to substitute the discontinued AWK-3121 series AP, after 14 vulnerabilities had been identified by a researcher. However, the company had been aware of this since 2018 and in June 2019, the investigator who found the safety holes published their exploits.
Not for the first time in Moxa’s AWK-3131A devices, Cisco Talos researchers have found vulnerabilities. In 2017 they reported finding hardcoded credentials that provided attackers with full access to Moxa APs and disclosed more than a dozen vulnerabilities that affected the same product separately.
