PT-2019-4577 · Moxa · Moxa Awk-3121
Samuel Huntley · Published 2019-06-07 · Updated 2019-12-05
CVE-2018-10703
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Moxa AWK-3121 version 1.14
Description
An issue was discovered that allows an attacker to execute commands on the device. The iw serverip parameter is susceptible to buffer overflow, which can be exploited by crafting a packet with a string of 480 characters. This vulnerability may allow a remote attacker to execute arbitrary commands with root privileges.
Recommendations
For Moxa AWK-3121 version 1.14, consider disabling the functionality that allows running scripts on the device until a patch is available. Restrict access to the iw serverip parameter to minimize the risk of exploitation. Avoid using the iw serverip parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Moxa Awk-3121