PT-2019-8757 · Moxa · Moxa Awk-3121

Samuel Huntley

Publicado

2019-06-07

Atualizado

2023-02-28

CVE-2018-10690

CVSS v3.1

8.1

Alta

Vetor

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Moxa AWK-3121 version 1.14

Description An issue was discovered where the device allows HTTP traffic by default, providing an insecure communication mechanism for users connecting to the web server. This allows an attacker to easily sniff the traffic and compromise sensitive data, such as credentials.

Recommendations For Moxa AWK-3121 version 1.14, consider disabling HTTP traffic and enabling a secure communication protocol, such as HTTPS, to prevent easy sniffing of traffic and compromise of sensitive data.

Exploit

Correção

Missing Encryption of Sensitive Data

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-311

Identificadores relacionados

CVE-2018-10690

Produtos afetados

Moxa Awk-3121

PT-2019-8757 · Moxa · Moxa Awk-3121

CVE-2018-10690

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6