CVE-2018-10698
First published: Fri Jun 07 2019(Updated: )
An issue was discovered on Moxa AWK-3121 1.14 devices. The device enables an unencrypted TELNET service by default. This allows an attacker who has been able to gain an MITM position to easily sniff the traffic between the device and the user. Also an attacker can easily connect to the TELNET daemon using the default credentials if they have not been changed by the user.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Moxa AWK-3121 Firmware | =1.14 | |
| Moxa Awk-3121 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-10698?
The severity of CVE-2018-10698 is classified as high due to the potential for unencrypted data transmission and exposure to MITM attacks.
How do I fix CVE-2018-10698?
To fix CVE-2018-10698, disable the default TELNET service and use secure protocols such as SSH for remote access.
Who is affected by CVE-2018-10698?
Users of Moxa AWK-3121 devices running firmware version 1.14 are affected by CVE-2018-10698.
What type of attack does CVE-2018-10698 allow?
CVE-2018-10698 allows attackers to perform man-in-the-middle (MITM) attacks and sniff unencrypted traffic due to the enabled TELNET service.
Is the TELNET service secure in CVE-2018-10698?
No, the TELNET service is not secure in the context of CVE-2018-10698 as it exposes data to potential interception.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/severity
- agent/references
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/moxa
- canonical/moxa awk-3121 firmware
- version/moxa awk-3121 firmware/1.14