CVE-2018-10693
Description
An issue was discovered on Moxa AWK-3121 1.14 devices. It provides ping functionality so that an administrator can execute ICMP calls to check if the network is working correctly. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "srvName" is susceptible to a buffer overflow. By crafting a packet that contains a string of 516 characters, it is possible for an attacker to execute the attack.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Buffer overflow in ping functionality of Moxa AWK-3121 (v1.14) allows remote command execution via crafted POST parameter.
Vulnerability
The Moxa AWK-3121 wireless access point running firmware version 1.14 provides a ping functionality to allow administrators to check network connectivity. The POST parameter srvName in the ping feature is vulnerable to a buffer overflow. Sending a string of 516 characters in this parameter overflows the buffer, leading to arbitrary code execution [1].
Exploitation
An attacker with network access to the device can send a crafted POST request to the ping endpoint with a srvName parameter of exactly 516 characters. No authentication is required to reach this functionality: it is intended for administrative use but is exposed without proper access controls. The overflow overwrites memory, allowing the attacker to control execution flow [1].
Impact
Successful exploitation allows the attacker to execute arbitrary commands on the device with root privileges. This can lead to full compromise of the access point, including data exfiltration, further network pivoting, or disruption of network services [1].
Mitigation
As of the publication date, no official patch has been released by Moxa. Users should consider isolating AWK-3121 devices from untrusted networks or disabling the ping functionality if possible. The device may be end-of-life; consult Moxa support for guidance [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Moxa/AWK-3121 (description)
Patches
No patches discovered yet.
References
- packetstormsecurity.com/files/153223/Moxa-AWK-3121-1.14-Information-Disclosure-Command-Execution.html (mitre, x_refsource_MISC)
- github.com/samuelhuntley/Moxa_AWK_1121/blob/master/Moxa_AWK_1121 (mitre, x_refsource_MISC)
- seclists.org/bugtraq/2019/Jun/8 (mitre, mailing-list, x_refsource_BUGTRAQ)