CVE-2018-10691

Name of the Vulnerable Software and Affected Versions Moxa AWK-3121 version 1.14

Description An issue allows an attacker to download the /systemlog.log file, which is the system log, without any authentication or authorization. This is the same functionality intended for administrators to download the system log.

Recommendations For Moxa AWK-3121 version 1.14, consider restricting access to the /systemlog.log file until a patch is available. As a temporary workaround, restrict access to the API endpoint that allows downloading the system log to minimize the risk of exploitation.