CVE-2018-10698 · CVEKit

cve.orgen

373 chars

An issue was discovered on Moxa AWK-3121 1.14 devices. The device enables an unencrypted TELNET service by default. This allows an attacker who has been able to gain an MITM position to easily sniff the traffic between the device and the user. Also an attacker can easily connect to the TELNET daemon using the default credentials if they have not been changed by the user.

NVDen

373 chars

An issue was discovered on Moxa AWK-3121 1.14 devices. The device enables an unencrypted TELNET service by default. This allows an attacker who has been able to gain an MITM position to easily sniff the traffic between the device and the user. Also an attacker can easily connect to the TELNET daemon using the default credentials if they have not been changed by the user.

NVDes

440 chars

Se encontró un problema en los dispositivos Moxa AWK-3121 versión 1.14. El dispositivo habilita un servicio TELNET sin cifrar de forma predeterminada. Esto permite que un atacante que haya podido obtener una posición MITM pueda detectar fácilmente el tráfico entre el dispositivo y el usuario. Además, un atacante puede conectarse fácilmente al dominio TELNET utilizando las credenciales predeterminadas si el usuario no las ha modificado.

CVSS metrics across sources

2

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	10.0	10.0	10.0	AV:N/AC:L/Au:N/C:C/I:C/A:C
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H