← Volver a CVEs

CVE-2018-10698

CRITICAL

9.8

Descripcion

An issue was discovered on Moxa AWK-3121 1.14 devices. The device enables an unencrypted TELNET service by default. This allows an attacker who has been able to gain an MITM position to easily sniff the traffic between the device and the user. Also an attacker can easily connect to the TELNET daemon using the default credentials if they have not been changed by the user.

Detalles CVE

Puntuacion CVSS v3.19.8

SeveridadCRITICAL

Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vector de ataqueNETWORK

ComplejidadLOW

Privilegios requeridosNONE

Interaccion usuarioNONE

Publicado6/7/2019

Ultima modificacion11/21/2024

Fuentenvd

Avistamientos honeypot0

Productos afectados

moxa:awk-3121moxa:awk-3121_firmware

Debilidades (CWE)

CWE-311

Referencias

http://packetstormsecurity.com/files/153223/Moxa-AWK-3121-1.14-Information-Disclosure-Command-Execution.html(cve@mitre.org)

https://github.com/samuelhuntley/Moxa_AWK_1121/blob/master/Moxa_AWK_1121(cve@mitre.org)

https://seclists.org/bugtraq/2019/Jun/8(cve@mitre.org)

http://packetstormsecurity.com/files/153223/Moxa-AWK-3121-1.14-Information-Disclosure-Command-Execution.html(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/samuelhuntley/Moxa_AWK_1121/blob/master/Moxa_AWK_1121(af854a3a-2127-422b-91ae-364da2661108)

https://seclists.org/bugtraq/2019/Jun/8(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.