CVE-2018-10694
Description
An issue was discovered on Moxa AWK-3121 1.14 devices. The device provides a Wi-Fi connection that is open and does not use any encryption mechanism by default. An administrator who uses the open wireless connection to set up the device can allow an attacker to sniff the traffic passing between the user's computer and the device. This can allow an attacker to steal the credentials passing over the HTTP connection as well as TELNET traffic. Also an attacker can MITM the response and infect a user's computer very easily as well.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Moxa AWK-3121 v1.14 ships with unencrypted Wi-Fi, allowing attackers to sniff credentials and perform MITM attacks.
Vulnerability
Moxa AWK-3121 devices running firmware version 1.14 provide an open Wi-Fi connection with no encryption by default, as documented in [1]. This affects the initial setup process where an administrator connects over the open wireless interface.
Exploitation
An attacker within Wi-Fi range can passively sniff all unencrypted traffic, including HTTP and TELNET sessions, to capture credentials. Additionally, the attacker can perform an active man-in-the-middle (MITM) attack by intercepting and modifying responses, potentially infecting the user's computer.
Impact
Successful exploitation leads to credential theft (username/password) for the device and any services accessed over the open connection. The MITM capability can further compromise the user's system through malicious payload delivery.
Mitigation
As of the available references [1], no firmware patch has been released. Users should manually configure WPA2 encryption for the Wi-Fi interface and ensure all administrative access (HTTP, TELNET) is replaced with HTTPS or SSH. The open default configuration should not be used in production environments.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Moxa/AWK-3121description
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- packetstormsecurity.com/files/153223/Moxa-AWK-3121-1.14-Information-Disclosure-Command-Execution.htmlmitrex_refsource_MISC
- github.com/samuelhuntley/Moxa_AWK_1121/blob/master/Moxa_AWK_1121mitrex_refsource_MISC
- seclists.org/bugtraq/2019/Jun/8mitremailing-listx_refsource_BUGTRAQ
News mentions
0No linked articles in our index yet.