CVE-2018-10702

Name of the Vulnerable Software and Affected Versions Moxa AWK-3121 version 1.14

Description The issue allows an attacker to execute commands on the device due to insufficient argument validation in a command. This can be exploited by a remote attacker to execute arbitrary commands with root privileges using a specially crafted iw filename parameter. The vulnerability is related to a functionality that allows administrators to run scripts on the device for troubleshooting purposes.

Recommendations For Moxa AWK-3121 version 1.14, consider disabling the functionality that allows running scripts on the device until a patch is available. Restrict access to the iw filename parameter to minimize the risk of exploitation. Avoid using the iw filename parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.