{"api_version":"1","generated_at":"2026-04-23T22:08:47+00:00","cve":"CVE-2018-10701","urls":{"html":"https://cve.report/CVE-2018-10701","api":"https://cve.report/api/cve/CVE-2018-10701.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-10701","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-10701"},"summary":{"title":"CVE-2018-10701","description":"An issue was discovered on Moxa AWK-3121 1.14 devices. It provides functionality so that an administrator can run scripts on the device to troubleshoot any issues. However, the same functionality allows an attacker to execute commands on the device. The POST parameter \"iw_filename\" is susceptible to buffer overflow. By crafting a packet that contains a string of 162 characters, it is possible for an attacker to execute the attack.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2019-06-07 20:29:00","updated_at":"2019-06-11 13:43:00"},"problem_types":["CWE-119"],"metrics":[],"references":[{"url":"http://packetstormsecurity.com/files/153223/Moxa-AWK-3121-1.14-Information-Disclosure-Command-Execution.html","name":"http://packetstormsecurity.com/files/153223/Moxa-AWK-3121-1.14-Information-Disclosure-Command-Execution.html","refsource":"MISC","tags":["Third Party Advisory"],"title":"Moxa AWK-3121 1.14 Information Disclosure / Command Execution ≈ Packet Storm","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/samuelhuntley/Moxa_AWK_1121/blob/master/Moxa_AWK_1121","name":"https://github.com/samuelhuntley/Moxa_AWK_1121/blob/master/Moxa_AWK_1121","refsource":"MISC","tags":["Exploit","Third Party Advisory"],"title":"Moxa_AWK_1121/Moxa_AWK_1121 at master · samuelhuntley/Moxa_AWK_1121 · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://seclists.org/bugtraq/2019/Jun/8","name":"20190609 Newly releases IoT security issues","refsource":"BUGTRAQ","tags":["Mailing List","Third Party Advisory"],"title":"Bugtraq: Newly releases IoT security issues","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-10701","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-10701","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"10701","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"moxa","cpe5":"awk-3121","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"10701","vulnerable":"0","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"moxa","cpe5":"awk-3121","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"10701","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"moxa","cpe5":"awk-3121_firmware","cpe6":"1.14","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"10701","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"moxa","cpe5":"awk-3121_firmware","cpe6":"1.14","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2018-10701","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An issue was discovered on Moxa AWK-3121 1.14 devices. It provides functionality so that an administrator can run scripts on the device to troubleshoot any issues. However, the same functionality allows an attacker to execute commands on the device. The POST parameter \"iw_filename\" is susceptible to buffer overflow. By crafting a packet that contains a string of 162 characters, it is possible for an attacker to execute the attack."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://github.com/samuelhuntley/Moxa_AWK_1121/blob/master/Moxa_AWK_1121","url":"https://github.com/samuelhuntley/Moxa_AWK_1121/blob/master/Moxa_AWK_1121"},{"refsource":"BUGTRAQ","name":"20190609 Newly releases IoT security issues","url":"https://seclists.org/bugtraq/2019/Jun/8"},{"refsource":"MISC","name":"http://packetstormsecurity.com/files/153223/Moxa-AWK-3121-1.14-Information-Disclosure-Command-Execution.html","url":"http://packetstormsecurity.com/files/153223/Moxa-AWK-3121-1.14-Information-Disclosure-Command-Execution.html"}]}},"nvd":{"publishedDate":"2019-06-07 20:29:00","lastModifiedDate":"2019-06-11 13:43:00","problem_types":["CWE-119"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":6.8},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:moxa:awk-3121_firmware:1.14:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:moxa:awk-3121:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"10701","Ordinal":"127144","Title":"CVE-2018-10701","CVE":"CVE-2018-10701","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"10701","Ordinal":"1","NoteData":"An issue was discovered on Moxa AWK-3121 1.14 devices. It provides functionality so that an administrator can run scripts on the device to troubleshoot any issues. However, the same functionality allows an attacker to execute commands on the device. The POST parameter \"iw_filename\" is susceptible to buffer overflow. By crafting a packet that contains a string of 162 characters, it is possible for an attacker to execute the attack.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"10701","Ordinal":"2","NoteData":"2019-06-07","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"10701","Ordinal":"3","NoteData":"2019-06-10","Type":"Other","Title":"Modified"}]}}}