CVE-2018-10698

CRITICAL

Moxa Awk-3121 Firmware - Missing Encryption

Title source: rule

Description

An issue was discovered on Moxa AWK-3121 1.14 devices. The device enables an unencrypted TELNET service by default. This allows an attacker who has been able to gain an MITM position to easily sniff the traffic between the device and the user. Also an attacker can easily connect to the TELNET daemon using the default credentials if they have not been changed by the user.

References (3)

[Third Party Advisory] https://github.com/samuelhuntley/Moxa_AWK_1121/blob/master/Moxa_AWK_1121

View Writeup ZIP pw:eip

[Mailing List, Third Party Advisory] https://seclists.org/bugtraq/2019/Jun/8

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/153223/Moxa-AWK-3121-1.14-Information-Disclosure-Command-Execution.html

Scores

CVSS v3 9.8

EPSS 0.0020

EPSS Percentile 42.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-311

Status published

Products (1)

moxa/awk-3121_firmware 1.14

Published Jun 07, 2019

Tracked Since Feb 18, 2026