PT-2019-8764 · Moxa · Moxa Awk-3121

Samuel Huntley · Published 2019-06-07 · Updated 2023-02-28 · CVE-2018-10697

CVSS v2.0

9.3 High

Vector AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Moxa AWK-3121 version 1.14

Description

An issue was discovered in the Moxa AWK-3121 device. The ping functionality, intended for administrators to check network connectivity via ICMP calls, can be exploited by an attacker to execute commands on the device. The srvName parameter in a POST request is susceptible to injection: a crafted packet that carries shell metacharacters in this parameter triggers the attack.

Recommendations

For Moxa AWK-3121 version 1.14, consider disabling the ping functionality or restricting access to the srvName parameter in the POST request to minimize the risk of exploitation. Avoid using the srvName parameter in the affected API endpoint until the issue is resolved.
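
One way to restrict the srvName parameter, as an added example that is not taken from the advisory or from Moxa firmware: a filter, for instance in a reverse proxy in front of the device, that forwards a ping request only when srvName is a plain hostname or IP address. It assumes the form is posted as application/x-www-form-urlencoded; the function names and sample bodies are constructed.

```python
import ipaddress
import re
from urllib.parse import parse_qs

# One DNS label: letters, digits, inner hyphens only. Refusing a leading
# hyphen also keeps the value from being read as a command-line option.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def is_safe_ping_target(value: str) -> bool:
    """Allowlist: accept only an IP literal or a plain DNS hostname."""
    if not value or len(value) > 253:
        return False
    # IPv6 zone ids ("%...") may carry arbitrary text, so refuse them.
    if "%" not in value:
        try:
            ipaddress.ip_address(value)
            return True
        except ValueError:
            pass
    # fullmatch (not "$") so a trailing newline cannot slip through.
    return all(_LABEL.fullmatch(label) for label in value.split("."))


def check_post_body(body: str) -> tuple[bool, str]:
    """Return (allow, reason) for a form-encoded POST body (assumed format)."""
    fields = parse_qs(body, keep_blank_values=True)
    values = fields.get("srvName")
    if values is None:
        return True, "no srvName field"
    if len(values) != 1:
        # Duplicate fields can be parsed differently by proxy and device.
        return False, "srvName repeated"
    if not is_safe_ping_target(values[0]):
        return False, "srvName is not a hostname or IP address"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample bodies, not captured traffic.
    for sample in ("srvName=192.0.2.10",
                   "srvName=gw.example.net&count=4",
                   "srvName=192.0.2.10%3Becho+x",
                   "srvName=host%0a"):
        print(sample, "->", check_post_body(sample))
```

Rejected requests are worth logging with their source address, since a non-hostname value in this field has no legitimate administrative use.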

Exploit

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2018-10697

Affected Products

Moxa Awk-3121