CVE-2018-10701

Name of the Vulnerable Software and Affected Versions Moxa AWK-3121 version 1.14

Description An issue was discovered that allows an attacker to execute commands on the device by exploiting a buffer overflow vulnerability in the iw filename POST parameter. This can be achieved by crafting a packet with a string of 162 characters. The vulnerability is related to the functionality that allows administrators to run scripts on the device for troubleshooting purposes.

Recommendations For Moxa AWK-3121 version 1.14, consider disabling the functionality that allows running scripts on the device until a patch is available. As a temporary workaround, restrict the use of the iw filename parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.