Unencrypted TELNET Service Vulnerability in Moxa AWK-3121 Devices
CVE-2018-10698

9.8CRITICAL

Key Information:

Vendor

Moxa
Status
Awk-3121 Firmware
Vendor
CVE Published:
7 June 2019

What is CVE-2018-10698?

The Moxa AWK-3121 1.14 devices have a vulnerability that enables an unencrypted TELNET service by default. This flaw allows malicious actors to exploit man-in-the-middle (MITM) attacks, where they can intercept unencrypted communication between the device and its users. Additionally, if users have not updated the default credentials, attackers can gain unauthorized access to the TELNET daemon, making it easy to control the device and access sensitive information.

References

https://github.com/samuelhuntley/Moxa_AWK_1121/blob/maste...
x_refsource_MISC
https://seclists.org/bugtraq/2019/Jun/8
mailing-listx_refsource_BUGTRAQ
http://packetstormsecurity.com/files/153223/Moxa-AWK-3121...
x_refsource_MISC

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.