PT-2019-8761 · Moxa · Moxa Awk-3121
Samuel Huntley · Published 2019-06-07 · Updated 2023-02-28
CVE-2018-10694
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Moxa AWK-3121 version 1.14
Description
An issue was discovered where the device provides a Wi-Fi connection that is open and does not use any encryption mechanism by default. This allows an attacker to sniff the traffic passing between the user's computer and the device, potentially stealing credentials over HTTP and TELNET connections. Additionally, an attacker can perform a Man-in-the-Middle (MITM) attack, infecting a user's computer.
Recommendations
For Moxa AWK-3121 version 1.14, consider disabling the open Wi-Fi connection until a patch or secure configuration is available. Restrict access to the device's setup process to minimize the risk of exploitation. Avoid using the device's default open Wi-Fi connection for administrative tasks.
Exploit
Fix
Missing Encryption of Sensitive Data
Affected Products
Moxa Awk-3121