CVE-2018-10694

Published: Jun 7, 2019Modified: Nov 21, 2024

8.1

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.2 / Impact: 5.9

Source: NVD

Description

An issue was discovered on Moxa AWK-3121 1.14 devices. The device provides a Wi-Fi connection that is open and does not use any encryption mechanism by default. An administrator who uses the open wireless connection to set up the device can allow an attacker to sniff the traffic passing between the user's computer and the device. This can allow an attacker to steal the credentials passing over the HTTP connection as well as TELNET traffic. Also an attacker can MITM the response and infect a user's computer very easily as well.

Affected (1)

Products: Moxa: Awk 3121 Firmware

1 product

Awk 3121 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Moxa Awk 3121 Firmware	Version 1.14

Running on/with	Platform Versions
Moxa Awk 3121	All versions

Related CWEs

Missing Encryption of Sensitive Data

The product does not encrypt sensitive or critical information before storage or transmission.

References (6)

http://packetstormsecurity.com/files/153223/Moxa-AWK-3121-1.14-Information-Disclosure-Command-Execution.html

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

https://github.com/samuelhuntley/Moxa_AWK_1121/blob/master/Moxa_AWK_1121

Source: cve@mitre.org

Third Party Advisory

https://seclists.org/bugtraq/2019/Jun/8

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://packetstormsecurity.com/files/153223/Moxa-AWK-3121-1.14-Information-Disclosure-Command-Execution.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

https://github.com/samuelhuntley/Moxa_AWK_1121/blob/master/Moxa_AWK_1121

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://seclists.org/bugtraq/2019/Jun/8

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

Timeline

No history available yet.