CVE-2018-10697
Description
An issue was discovered on Moxa AWK-3121 1.14 devices. The Moxa AWK 3121 provides ping functionality so that an administrator can execute ICMP calls to check if the network is working correctly. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "srvName" is susceptible to this injection. By crafting a packet that contains shell metacharacters, it is possible for an attacker to execute the attack.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Command injection in Moxa AWK-3121 ping functionality via crafted 'srvName' POST parameter allows remote attackers to execute arbitrary commands.
Vulnerability
A command injection vulnerability exists in the Moxa AWK-3121 wireless access point, as disclosed in CVE-2018-10697. The device provides a ping functionality accessible through the web interface, which allows an administrator to execute ICMP calls to check network connectivity. The POST parameter srvName is directly passed to a shell command without proper sanitization, making it susceptible to injection. By inserting shell metacharacters into the srvName parameter, an attacker can break out of the intended command and execute arbitrary system commands. The vulnerability is present in firmware version 1.14 and likely earlier versions, as per the advisory [1].
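The input handling this class of bug calls for, as an added example: it is not Moxa's firmware code, which the page does not show. The function names, the length limit and the ping arguments are assumptions; the vulnerable pattern in the comment is inferred from the description.

```c
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Pattern the CVE description implies (assumed; firmware source is not shown):
 *   snprintf(cmd, sizeof cmd, "ping -c 1 %s", srvName); system(cmd);
 * system() hands the string to /bin/sh, so metacharacters in srvName are parsed. */

#define MAX_HOST_LEN 253 /* longest valid DNS name */

/* Hypothetical allowlist check: hostname or IPv4 literal characters only. */
int is_safe_ping_target(const char *s)
{
    size_t i, n;
    if (s == NULL) return 0;
    n = strlen(s);
    if (n == 0 || n > MAX_HOST_LEN) return 0;
    if (s[0] == '-' || s[0] == '.') return 0; /* '-' would read as a ping option */
    for (i = 0; i < n; i++) {
        char c = s[i];
        int ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                 (c >= '0' && c <= '9') || c == '.' || c == '-';
        if (!ok) return 0; /* rejects ; ` $ | & spaces, newlines, etc. */
    }
    return 1;
}

/* Hypothetical handler: returns ping's exit status, or -1 if rejected/not run. */
int run_ping(const char *srv_name)
{
    pid_t pid; int status;
    if (!is_safe_ping_target(srv_name)) return -1;
    pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        /* argv vector, no shell: srv_name stays a single argument */
        char *const argv[] = { "ping", "-c", "1", (char *)srv_name, NULL };
        execvp("ping", argv);
        _exit(127); /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Constructed input using the page's "; ls" example; exits 0 because it is rejected. */
int main(void) { return is_safe_ping_target("192.168.127.253; ls"); }
```

The allowlist and the shell-free exec are independent layers: either one alone stops the metacharacter case, and the leading-hyphen check covers option injection that a shell-free exec would not.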
Exploitation
An attacker must have network access to the management interface of the Moxa AWK-3121 (typically on the local network) and be able to send HTTP POST requests to the device's web server. No prior authentication is required if the ping functionality is exposed via the web interface without authentication, as indicated by the reference [1]. The exploitation steps involve crafting a POST request to the vulnerable endpoint with the srvName parameter containing shell metacharacters, such as backticks or semicolons, to inject additional commands. For example, appending ; ls to a valid hostname would execute the ls command on the device [1].
Impact
Successful exploitation allows an attacker to execute arbitrary commands on the Moxa AWK-3121 with the privileges of the web server process, which typically runs as the root user. This can lead to full compromise of the device, including the ability to read, modify, or delete sensitive data, modify system configuration, disable network functionality, or use the device as a pivot point for further attacks on the network. The impact is severe, as it provides remote unauthenticated command execution, potentially affecting all network traffic going through the access point [1].
Mitigation
Moxa has not publicly released a firmware update to fix this vulnerability, and the device may be end-of-life (EOL). As of the references available [1], no patch has been provided. The recommended mitigation is to restrict access to the web management interface to trusted networks only, use firewalls to block unauthorized access to the device's management ports (typically HTTP/HTTPS), and disable the ping functionality if not required. If the device is EOL and no fix is available, replacing the device with a supported model that receives security updates is advised.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Moxa/AWK-3121 (description)
Patches
No patches discovered yet.
References
- packetstormsecurity.com/files/153223/Moxa-AWK-3121-1.14-Information-Disclosure-Command-Execution.html (mitre, x_refsource_MISC)
- github.com/samuelhuntley/Moxa_AWK_1121/blob/master/Moxa_AWK_1121 (mitre, x_refsource_MISC)
- seclists.org/bugtraq/2019/Jun/8 (mitre, mailing-list, x_refsource_BUGTRAQ)