CVE-2018-10691
Description
An issue was discovered on Moxa AWK-3121 1.14 devices. It is intended that an administrator can download /systemlog.log (the system log). However, the same functionality allows an attacker to download the file without any authentication or authorization.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Moxa AWK-3121 devices running firmware 1.14 allow unauthenticated attackers to download the system log file via a direct request, exposing sensitive information.
Vulnerability
The Moxa AWK-3121 wireless access point running firmware version 1.14 exposes the /systemlog.log endpoint intended for administrator download. However, the endpoint lacks any authentication or authorization checks, allowing any unauthenticated user to retrieve the system log file [1].
Exploitation
An attacker can simply send a GET request to http:///systemlog.log without providing any credentials or session tokens. No prior access or user interaction is required. The vulnerability is trivially exploitable over the network.
Impact
Successful exploitation results in disclosure of the device's system log, which may contain sensitive operational data, network configuration details, or other information that could aid further attacks. The impact is limited to information disclosure; no code execution or privilege escalation is achieved.
Mitigation
As of the publication date (2019-06-07), no official patch or firmware update addressing this vulnerability has been identified in the available reference [1]. Users should restrict network access to the device's web interface and monitor for vendor updates. If the device is end-of-life, replacement may be necessary.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Moxa/AWK-3121description
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- packetstormsecurity.com/files/153223/Moxa-AWK-3121-1.14-Information-Disclosure-Command-Execution.htmlmitrex_refsource_MISC
- github.com/samuelhuntley/Moxa_AWK_1121/blob/master/Moxa_AWK_1121mitrex_refsource_MISC
- seclists.org/bugtraq/2019/Jun/8mitremailing-listx_refsource_BUGTRAQ
News mentions
0No linked articles in our index yet.