CVE-2018-10698
Summary
| CVE | CVE-2018-10698 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-06-07 20:29:00 UTC |
| Updated | 2023-02-28 19:29:00 UTC |
| Description | An issue was discovered on Moxa AWK-3121 1.14 devices. The device enables an unencrypted TELNET service by default. This allows an attacker who has been able to gain an MITM position to easily sniff the traffic between the device and the user. Also an attacker can easily connect to the TELNET daemon using the default credentials if they have not been changed by the user. |
Risk And Classification
Problem Types: CWE-311
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Moxa | Awk-3121 | - | All | All | All |
| Hardware | Moxa | Awk-3121 | - | All | All | All |
| Operating System | Moxa | Awk-3121 Firmware | 1.14 | All | All | All |
| Operating System | Moxa | Awk-3121 Firmware | 1.14 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Moxa AWK-3121 1.14 Information Disclosure / Command Execution ≈ Packet Storm | MISC | packetstormsecurity.com | |
| Moxa_AWK_1121/Moxa_AWK_1121 at master · samuelhuntley/Moxa_AWK_1121 · GitHub | MISC | github.com | Third Party Advisory |
| Bugtraq: Newly releases IoT security issues | BUGTRAQ | seclists.org | Mailing List, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.