CVE-2018-10695

Name of the Vulnerable Software and Affected Versions Moxa AWK-3121 version 1.14

Description An issue was discovered that allows an attacker to execute commands on the device by exploiting the alert functionality. The POST parameters to1, to2, to3, and to4 are susceptible to buffer overflow. By crafting a packet with a string of 678 characters, an attacker can execute the attack.

Recommendations For Moxa AWK-3121 version 1.14, as a temporary workaround, consider disabling the alert functionality that sends emails to the administrator's account until a patch is available. Restrict access to the POST parameters to1, to2, to3, and to4 to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.