Vulnerability Details CVE-2018-10690
An issue was discovered on Moxa AWK-3121 1.14 devices. The device by default allows HTTP traffic thus providing an insecure communication mechanism for a user connecting to the web server. This allows an attacker to sniff the traffic easily and allows an attacker to compromise sensitive data such as credentials.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 49.7%
CVSS Severity
CVSS v3 Score 8.1
CVSS v2 Score 4.3
References
- http://packetstormsecurity.com/files/153223/Moxa-AWK-3121-1.14-Information-Disclosure-Command-Execution.html
- https://github.com/samuelhuntley/Moxa_AWK_1121/blob/master/Moxa_AWK_1121
- https://seclists.org/bugtraq/2019/Jun/8
- http://packetstormsecurity.com/files/153223/Moxa-AWK-3121-1.14-Information-Disclosure-Command-Execution.html
- https://github.com/samuelhuntley/Moxa_AWK_1121/blob/master/Moxa_AWK_1121
- https://seclists.org/bugtraq/2019/Jun/8
Products affected by CVE-2018-10690
-
cpe:2.3:h:moxa:awk-3121:-
-
cpe:2.3:o:moxa:awk-3121_firmware:1.14