CVE-2018-10698

Published: Jun 7, 2019Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

An issue was discovered on Moxa AWK-3121 1.14 devices. The device enables an unencrypted TELNET service by default. This allows an attacker who has been able to gain an MITM position to easily sniff the traffic between the device and the user. Also an attacker can easily connect to the TELNET daemon using the default credentials if they have not been changed by the user.

Affected (1)

Products: Moxa: Awk 3121 Firmware

1 product

Awk 3121 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Moxa Awk 3121 Firmware	Version 1.14

Running on/with	Platform Versions
Moxa Awk 3121	All versions

Related CWEs

Missing Encryption of Sensitive Data

The product does not encrypt sensitive or critical information before storage or transmission.

References (6)

http://packetstormsecurity.com/files/153223/Moxa-AWK-3121-1.14-Information-Disclosure-Command-Execution.html

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

https://github.com/samuelhuntley/Moxa_AWK_1121/blob/master/Moxa_AWK_1121

Source: cve@mitre.org

Third Party Advisory

https://seclists.org/bugtraq/2019/Jun/8

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://packetstormsecurity.com/files/153223/Moxa-AWK-3121-1.14-Information-Disclosure-Command-Execution.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

https://github.com/samuelhuntley/Moxa_AWK_1121/blob/master/Moxa_AWK_1121

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://seclists.org/bugtraq/2019/Jun/8

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

Timeline

No history available yet.