CVE-2018-10690

Published: Jun 7, 2019Modified: Nov 21, 2024

8.1

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.2 / Impact: 5.9

Source: NVD

Description

An issue was discovered on Moxa AWK-3121 1.14 devices. The device by default allows HTTP traffic thus providing an insecure communication mechanism for a user connecting to the web server. This allows an attacker to sniff the traffic easily and allows an attacker to compromise sensitive data such as credentials.

Affected (1)

Products: Moxa: Awk 3121 Firmware

1 product

Awk 3121 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Moxa Awk 3121 Firmware	Version 1.14

Running on/with	Platform Versions
Moxa Awk 3121	All versions

Related CWEs

Missing Encryption of Sensitive Data

The product does not encrypt sensitive or critical information before storage or transmission.

References (6)

http://packetstormsecurity.com/files/153223/Moxa-AWK-3121-1.14-Information-Disclosure-Command-Execution.html

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

https://github.com/samuelhuntley/Moxa_AWK_1121/blob/master/Moxa_AWK_1121

Source: cve@mitre.org

ExploitThird Party Advisory

https://seclists.org/bugtraq/2019/Jun/8

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://packetstormsecurity.com/files/153223/Moxa-AWK-3121-1.14-Information-Disclosure-Command-Execution.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

https://github.com/samuelhuntley/Moxa_AWK_1121/blob/master/Moxa_AWK_1121

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://seclists.org/bugtraq/2019/Jun/8

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

Timeline

No history available yet.