PT-2019-8757 · Moxa · Moxa Awk-3121
Samuel Huntley
·
Published
2019-06-07
·
Updated
2023-02-28
·
CVE-2018-10690
CVSS v3.1
8.1
High
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Moxa AWK-3121 version 1.14
Description
An issue was discovered where the device allows HTTP traffic by default, providing an insecure communication mechanism for users connecting to the web server. This allows an attacker to easily sniff the traffic and compromise sensitive data, such as credentials.
Recommendations
For Moxa AWK-3121 version 1.14, consider disabling HTTP traffic and enabling a secure communication protocol, such as HTTPS, to prevent easy sniffing of traffic and compromise of sensitive data.
Exploit
Fix
Missing Encryption of Sensitive Data
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Moxa Awk-3121