CVE-2018-10703
Description
An issue was discovered on Moxa AWK-3121 1.14 devices. It provides functionality so that an administrator can run scripts on the device to troubleshoot any issues. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "iw_serverip" is susceptible to buffer overflow. By crafting a packet that contains a string of 480 characters, it is possible for an attacker to execute the attack.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Buffer overflow in Moxa AWK-3121 1.14 allows remote command execution via crafted POST parameter.
Vulnerability
A buffer overflow vulnerability exists in the iw_serverip POST parameter of the Moxa AWK-3121 wireless access point running firmware version 1.14 [1]. The device provides a troubleshooting script execution feature for administrators, but the same code path is reachable without authentication. Sending a specially crafted HTTP POST request with a string of 480 characters in the iw_serverip parameter triggers the overflow.
Exploitation
An attacker can exploit this vulnerability by sending a single HTTP POST request to the device's web interface with the iw_serverip parameter containing 480 or more characters [1]. No prior authentication or user interaction is required. The overflow overwrites adjacent memory, allowing the attacker to control execution flow.
Impact
Successful exploitation results in arbitrary command execution on the device with root privileges [1]. An attacker can fully compromise the access point, potentially using it as a pivot point into the internal network or to disrupt connectivity.
Mitigation
As of the publication date (2019-06-07), no official patch or firmware update has been released by Moxa to address this vulnerability [1]. Users should restrict network access to the device's web interface to trusted administrators only, and monitor for vendor updates. The device may be end-of-life; consult Moxa support for guidance.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
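A defensive check to go with the mitigation advice above, as an added example that is not from the advisory or from Moxa: it inspects a form-encoded POST body (for instance at a filtering proxy or in captured traffic) and flags iw_serverip values that cannot be a legitimate server address. The 253-character limit, the allowed character set and the sample bodies are assumptions constructed for illustration.

```python
from urllib.parse import parse_qsl

PARAM = "iw_serverip"   # parameter named in the CVE description
MAX_LEN = 253           # assumption: longest legitimate value is a DNS hostname
# assumption: a server address only needs hostname / IPv4 / IPv6 characters
ALLOWED = set("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-:")


def inspect_body(body: bytes) -> list[str]:
    """Return findings for one application/x-www-form-urlencoded POST body."""
    findings = []
    # latin-1 maps every byte to one character, so decoding never fails and
    # len() below counts the bytes the device would receive after URL-decoding.
    pairs = parse_qsl(body.decode("latin-1"), keep_blank_values=True,
                      encoding="latin-1")
    # Keys are percent-decoded too, so "iw%5Fserverip" is matched as well.
    values = [v for k, v in pairs if k == PARAM]
    if len(values) > 1:
        findings.append(f"{PARAM} repeated {len(values)} times")
    for v in values:
        if len(v) > MAX_LEN:
            findings.append(f"{PARAM} length {len(v)} exceeds {MAX_LEN}")
        if not set(v) <= ALLOWED:
            findings.append(f"{PARAM} contains characters outside host/IP set")
    return findings


# Constructed sample bodies (not captured traffic).
SAMPLES = {
    "normal": b"iw_serverip=192.168.127.253&submit=1",
    "overlong": b"iw_serverip=" + b"A" * 480,
    "overlong, percent-encoded": b"iw%5Fserverip=" + b"%41" * 480,
    "unexpected characters": b"iw_serverip=10.0.0.1%20x",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(f"{name}: {inspect_body(body) or 'ok'}")
```

The check measures the decoded value, so a percent-encoded body three times longer on the wire is reported with the same 480-character length as the plain one.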
Affected products
- Moxa/AWK-3121
Patches
No patches discovered yet.
References
- packetstormsecurity.com/files/153223/Moxa-AWK-3121-1.14-Information-Disclosure-Command-Execution.html (mitre, x_refsource_MISC)
- github.com/samuelhuntley/Moxa_AWK_1121/blob/master/Moxa_AWK_1121 (mitre, x_refsource_MISC)
- seclists.org/bugtraq/2019/Jun/8 (mitre, mailing-list, x_refsource_BUGTRAQ)