PT-2019-8766 · Moxa · Moxa Awk-3121

Samuel Huntley · Published 2019-06-07 · Updated 2020-08-24 · CVE-2018-10699

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Moxa AWK-3121 version 1.14

Description

An issue was discovered in the Moxa AWK-3121 device, specifically in its certfile upload functionality, which allows an administrator to upload a certificate file for connecting to the wireless network. However, this functionality also enables an attacker to execute commands on the device. The iw_privatePass parameter in the POST request is susceptible to command injection. By crafting a packet containing shell metacharacters, an attacker can execute the attack.

Recommendations

For Moxa AWK-3121 version 1.14, consider disabling the certfile upload functionality until a patch is available to prevent command injection attacks. Restrict access to the iw_privatePass parameter in the POST request to minimize the risk of exploitation.
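
As an added example (not code from this advisory or from Moxa), a defender reviewing captured POST requests to the device could flag submissions where the iw_privatePass field carries shell metacharacters. The form encodings handled, the metacharacter set, the function names and the sample bodies are assumptions of this example.

```python
"""Flag shell metacharacters in the iw_privatePass field of a POST body.
Added example, not Moxa or advisory code; the request encoding is assumed."""
import email
from urllib.parse import parse_qs

FIELD = "iw_privatePass"
# Characters a POSIX shell treats specially. Deliberately broad: a legitimate
# passphrase containing "!" or "#" is also flagged for review.
SHELL_META = set(";|&`$()<>\\\"'\n\r{}*?!#~")

# Constructed sample bodies (not captured traffic).
SAMPLE_CLEAN = b"iw_privatePass=CorrectHorse42&submit=1"
SAMPLE_SUSPECT = b"iw_privatePass=abc%3Bxyz&submit=1"


def extract_field(content_type: str, body: bytes, field: str = FIELD) -> list:
    """Return every value submitted for `field`, repeats included."""
    ctype = content_type.lower()
    if ctype.startswith("application/x-www-form-urlencoded"):
        # parse_qs percent-decodes, so an encoded metacharacter is still seen.
        parsed = parse_qs(body.decode("latin-1"), keep_blank_values=True)
        return parsed.get(field, [])
    if ctype.startswith("multipart/form-data"):
        # Reuse the MIME parser: prepend the header that carries the boundary.
        raw = b"Content-Type: " + content_type.encode() + b"\r\n\r\n" + body
        msg = email.message_from_bytes(raw)
        values = []
        for part in (msg.get_payload() if msg.is_multipart() else []):
            if part.get_param("name", header="content-disposition") == field:
                data = part.get_payload(decode=True) or b""
                values.append(data.decode("latin-1"))
        return values
    return []  # unknown encoding: nothing extracted, handle separately


def find_metachars(content_type: str, body: bytes) -> list:
    """Sorted shell metacharacters present in any iw_privatePass value."""
    hits = set()
    for value in extract_field(content_type, body):
        hits |= SHELL_META & set(value)
    return sorted(hits)


if __name__ == "__main__":
    form = "application/x-www-form-urlencoded"
    for name, body in (("clean", SAMPLE_CLEAN), ("suspect", SAMPLE_SUSPECT)):
        print(name, find_metachars(form, body))
```

A request with an encoding the function does not recognise yields an empty result, so such requests should be logged and reviewed rather than treated as clean.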

Exploit

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2018-10699

Affected Products

Moxa Awk-3121