CVE-2018-10692
Description
An issue was discovered on Moxa AWK-3121 1.14 devices. The session cookie "Password508" does not have an HttpOnly flag. This allows an attacker who is able to execute a cross-site scripting attack to steal the cookie very easily.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
The session cookie 'Password508' on Moxa AWK-3121 lacks the HttpOnly flag, enabling XSS-based cookie theft.
Vulnerability
The issue affects Moxa AWK-3121 devices running firmware version 1.14. The session cookie named Password508 is not set with the HttpOnly flag, meaning it is accessible to client-side scripts. This vulnerability is described in the referenced advisory [1].
Exploitation
An attacker who is able to execute a cross-site scripting (XSS) attack on the device's web interface can use JavaScript to read the Password508 cookie. The attacker must have network access to the device and find a way to inject malicious scripts, such as through a stored or reflected XSS vector.
Impact
Successful exploitation allows the attacker to steal the session cookie, leading to unauthorized access to the device's administrative interface. This can result in compromise of the device's configuration and operations, as well as disclosure of sensitive information.
Mitigation
As of the available references, no official fix or workaround has been disclosed for firmware version 1.14. Users should monitor Moxa's security advisories for a patched firmware version. In the meantime, mitigating XSS vulnerabilities on the device (e.g., input sanitization) can reduce the risk.
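To confirm whether a given firmware build still sets the session cookie without HttpOnly, the response headers can be audited directly. The following is an added example, not code from the advisory or from Moxa; the two sample responses are constructed, the cookie value is a placeholder, and the function names are this example's own.

```python
"""Audit Set-Cookie headers for session cookies that lack HttpOnly."""

# Constructed sample responses (not captured from a real device). The first
# mirrors the behaviour described in the CVE; the second is an assumed
# corrected response that adds the HttpOnly attribute.
VULNERABLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: Password508=0123456789abcdef; path=/\r\n"
    "\r\n"
)
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: Password508=0123456789abcdef; Path=/; HttpOnly\r\n"
    "\r\n"
)


def parse_set_cookie(value):
    """Return (name, set of lowercase attribute names) for one Set-Cookie value."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    # Only the segments after the first are attributes; the cookie value
    # itself is never inspected, so a value containing "HttpOnly" is not
    # mistaken for the flag.
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def cookies_missing_httponly(raw_response, session_cookies=("Password508",)):
    """List the named session cookies that are set without HttpOnly."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    findings = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        field, _, value = line.partition(":")
        if field.strip().lower() != "set-cookie":  # header names are case-insensitive
            continue
        name, attrs = parse_set_cookie(value)
        if name in session_cookies and "httponly" not in attrs:
            findings.append(name)
    return findings


if __name__ == "__main__":
    for label, resp in (("vulnerable", VULNERABLE_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, "->", cookies_missing_httponly(resp) or "session cookies are HttpOnly")
```

The attribute check is case-insensitive and looks only at attribute positions, which avoids the false negatives a plain substring search for "HttpOnly" would produce.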
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Moxa/AWK-3121 (description)
Patches
No patches discovered yet.
References
- packetstormsecurity.com/files/153223/Moxa-AWK-3121-1.14-Information-Disclosure-Command-Execution.html (mitre, x_refsource_MISC)
- github.com/samuelhuntley/Moxa_AWK_1121/blob/master/Moxa_AWK_1121 (mitre, x_refsource_MISC)
- seclists.org/bugtraq/2019/Jun/8 (mitre, mailing-list, x_refsource_BUGTRAQ)