CVE-2018-10690

HIGH

Moxa Awk-3121 Firmware - Missing Encryption

Title source: rule

Description

An issue was discovered on Moxa AWK-3121 1.14 devices. The device by default allows HTTP traffic thus providing an insecure communication mechanism for a user connecting to the web server. This allows an attacker to sniff the traffic easily and allows an attacker to compromise sensitive data such as credentials.

References (3)

[Exploit, Third Party Advisory] https://github.com/samuelhuntley/Moxa_AWK_1121/blob/master/Moxa_AWK_1121

View Exploit ZIP pw:eip

[Mailing List, Third Party Advisory] https://seclists.org/bugtraq/2019/Jun/8

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/153223/Moxa-AWK-3121-1.14-Information-Disclosure-Command-Execution.html

Scores

CVSS v3 8.1

EPSS 0.0026

EPSS Percentile 49.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-311

Status published

Products (1)

moxa/awk-3121_firmware 1.14

Published Jun 07, 2019

Tracked Since Feb 18, 2026