CVE-2018-10690

{"id": "CVE-2018-10690", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}]}, "published": "2019-06-07T20:29:00.230", "references": [{"url": "http://packetstormsecurity.com/files/153223/Moxa-AWK-3121-1.14-Information-Disclosure-Command-Execution.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://github.com/samuelhuntley/Moxa_AWK_1121/blob/master/Moxa_AWK_1121", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://seclists.org/bugtraq/2019/Jun/8", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-311"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered on Moxa AWK-3121 1.14 devices. The device by default allows HTTP traffic thus providing an insecure communication mechanism for a user connecting to the web server. This allows an attacker to sniff the traffic easily and allows an attacker to compromise sensitive data such as credentials."}, {"lang": "es", "value": "Fue encontrado un problema en los dispositivos Moxa AWK-3121 versi\u00f3n 1.14. El dispositivo por defecto permite el tr\u00e1fico HTTP as\u00ed que proporciona un mecanismo de comunicaci\u00f3n no seguro para un usuario que conecta con el servidor Web. Esto le permite a un atacante espiar el tr\u00e1fico f\u00e1cilmente y comprometer datos confidenciales tales como credenciales."}], "lastModified": "2023-02-28T19:30:17.817", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:moxa:awk-3121_firmware:1.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B93963CF-F5C4-4191-BEC1-E8DC3F8CCE2B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:moxa:awk-3121:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CB3CD92C-362A-4A96-A09E-F04476A9D854"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}