CVE-2018-10690
Description
An issue was discovered on Moxa AWK-3121 1.14 devices. The device by default allows HTTP traffic thus providing an insecure communication mechanism for a user connecting to the web server. This allows an attacker to sniff the traffic easily and allows an attacker to compromise sensitive data such as credentials.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Moxa AWK-3121 1.14 devices ship with unencrypted HTTP, allowing network sniffing of sensitive data including credentials.
Vulnerability
The Moxa AWK-3121 wireless access point running firmware version 1.14 has HTTP enabled by default on the web server, providing an insecure communication channel [1]. The device does not enforce or even offer HTTPS as a mandatory alternative, leaving all web management traffic in plaintext [1].
Exploitation
An attacker on the same network segment can passively sniff HTTP traffic between a legitimate administrator and the device's web interface [1]. No authentication or special privileges are needed beyond network proximity to capture the unencrypted data [1].
Impact
Successful sniffing allows an attacker to compromise sensitive data such as credentials transmitted during login, leading to full administrative access to the device and potential further network compromise [1].
Mitigation
As of the reference publication, Moxa has not released a firmware update for the AWK-3121 to address this issue; users should consider using a VPN or other encrypted tunnel when accessing the web interface, or isolate the device on a trusted management VLAN [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Moxa/AWK-3121description
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- packetstormsecurity.com/files/153223/Moxa-AWK-3121-1.14-Information-Disclosure-Command-Execution.htmlmitrex_refsource_MISC
- github.com/samuelhuntley/Moxa_AWK_1121/blob/master/Moxa_AWK_1121mitrex_refsource_MISC
- seclists.org/bugtraq/2019/Jun/8mitremailing-listx_refsource_BUGTRAQ
News mentions
0No linked articles in our index yet.