Insecure HTTP Communication in Moxa AWK-3121 Devices
CVE-2018-10690

8.1HIGH

Key Information:

Vendor
Moxa
Status
Awk-3121 Firmware
Vendor
CVE Published:
7 June 2019

Summary

An insufficiently secured Moxa AWK-3121 device running firmware version 1.14 permits unencrypted HTTP traffic, posing a significant risk of data interception. This allows unauthorized actors to monitor communications and potentially access sensitive information, including user credentials. The lack of secure communication channels presents exploitable vectors for attackers, highlighting the urgent need for implementing HTTPS or other security measures to safeguard data integrity and confidentiality.

References

https://github.com/samuelhuntley/Moxa_AWK_1121/blob/maste...
x_refsource_MISC
https://seclists.org/bugtraq/2019/Jun/8
mailing-listx_refsource_BUGTRAQ
http://packetstormsecurity.com/files/153223/Moxa-AWK-3121...
x_refsource_MISC

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.