Vulnerability Details CVE-2018-10691
An issue was discovered on Moxa AWK-3121 1.14 devices. It is intended that an administrator can download /systemlog.log (the system log). However, the same functionality allows an attacker to download the file without any authentication or authorization.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 66.4%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://packetstormsecurity.com/files/153223/Moxa-AWK-3121-1.14-Information-Disclosure-Command-Execution.html
- https://github.com/samuelhuntley/Moxa_AWK_1121/blob/master/Moxa_AWK_1121
- https://seclists.org/bugtraq/2019/Jun/8
- http://packetstormsecurity.com/files/153223/Moxa-AWK-3121-1.14-Information-Disclosure-Command-Execution.html
- https://github.com/samuelhuntley/Moxa_AWK_1121/blob/master/Moxa_AWK_1121
- https://seclists.org/bugtraq/2019/Jun/8
Products affected by CVE-2018-10691
-
cpe:2.3:h:moxa:awk-3121:-
-
cpe:2.3:o:moxa:awk-3121_firmware:1.14