PT-2019-8765 · Moxa · Moxa Awk-3121

Samuel Huntley · Published 2019-06-07 · Updated 2023-02-28 · CVE-2018-10698

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Moxa AWK-3121 version 1.14

Description: An issue was discovered where the device enables an unencrypted TELNET service by default. This allows an attacker who has gained a Man-In-The-Middle (MITM) position to easily sniff the traffic between the device and the user. Additionally, an attacker can easily connect to the TELNET daemon using the default credentials if they have not been changed by the user.

Recommendations: For Moxa AWK-3121 version 1.14, consider disabling the TELNET service or changing the default credentials to prevent unauthorized access. As a temporary workaround, restrict access to the TELNET daemon until a more secure configuration or patch is available.

Exploit

Fix

Weakness Enumeration: Missing Encryption of Sensitive Data

Related Identifiers: CVE-2018-10698

Affected Products: Moxa Awk-3121