Connect with us

Hi, what are you looking for?



Vulnerabilities in Moxa Networking Device Expose Industrial Environments to Attacks

Researchers from Cisco’s Talos intelligence and research group have identified a dozen vulnerabilities in a wireless networking device made by Taiwan-based industrial networking, computing and automation solutions provider Moxa.

Researchers from Cisco’s Talos intelligence and research group have identified a dozen vulnerabilities in a wireless networking device made by Taiwan-based industrial networking, computing and automation solutions provider Moxa.

According to advisories published on Monday by both Moxa and Talos, AWK-3131A industrial AP/bridge/client devices are affected by 12 vulnerabilities that can be exploited to carry out malicious activities in an attack aimed at an organization’s industrial systems.Moxa industrial AP

All of the vulnerabilities have been classified as critical or high severity. They can be exploited by attackers to escalate privileges to root, decrypt traffic using hardcoded cryptographic keys, inject commands and remotely control a device, run custom diagnostic scripts on the device, remotely execute arbitrary code, cause a denial-of-service (DoS) condition, and gain remote shell access to the device.

While in a majority of cases exploitation requires authentication with low privileges, some of the weaknesses can be exploited by an unauthenticated attacker.

Learn More About Vulnerabilities in Industrial Products at SecurityWeek’s 2020 ICS Cyber Security Conference

The vulnerabilities were reported to Moxa in October and November 2019, and the vendor announced the availability of patches on February 24.

While Moxa patched these flaws fairly quickly, the company has not always been fast when it comes to addressing vulnerabilities. In December, the company urged customers to replace the discontinued AWK-3121 series AP after a researcher had identified 14 vulnerabilities in the device. However, the company had known about them since 2018 and the researcher who found the security holes had published exploits in June 2019.

This is not the first time Cisco Talos researchers have found vulnerabilities in Moxa’s AWK-3131A devices. Back in 2017, they reported finding hardcoded credentials that gave attackers full access to Moxa APs, and separately disclosed more than a dozen vulnerabilities affecting the same product.

Advertisement. Scroll to continue reading.

Related: Vulnerability in ABB Plant Historian Disclosed 5 Years After Discovery

Related: Many Vulnerabilities Discovered in Moxa Industrial Switches

Related: Profinet Vulnerability Exposes Siemens, Moxa Devices to DoS Attacks

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.


A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...


Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.