CVE-2018-10693

Name of the Vulnerable Software and Affected Versions Moxa AWK-3121 version 1.14

Description An issue was discovered that allows an attacker to execute commands on the device. The device provides ping functionality for administrators to check network connectivity using ICMP calls. However, this functionality is vulnerable to exploitation. The srvName parameter in a POST request is susceptible to a buffer overflow. By crafting a packet with a string of 516 characters, an attacker can execute the attack.

Recommendations For Moxa AWK-3121 version 1.14, consider disabling the ping functionality or restricting access to the srvName parameter in the POST request until a patch is available. As a temporary workaround, avoid using the srvName parameter with long strings to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.