CVE-2018-10696 Information
Feb 14, 2021
cve
Description
An issue was discovered on Moxa AWK-3121 1.14 devices. The device provides a web interface to allow an administrator to manage the device. However this interface is not protected against CSRF attacks which allows an attacker to trick an administrator into executing actions without his/her knowledge as demonstrated by the forms/iw_webSetParameters and forms/webSetMainRestart URIs.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Reference
http://packetstormsecurity.com/files/153223/Moxa-AWK-3121-1.14-Information-Disclosure-Command-Execution.html https://github.com/samuelhuntley/Moxa_AWK_1121/blob/master/Moxa_AWK_1121 https://seclists.org/bugtraq/2019/Jun/8
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
REQUIRED
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
8.8
Share on: