CVE-2018-10694

{"id": "CVE-2018-10694", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}]}, "published": "2019-06-07T20:29:00.420", "references": [{"url": "http://packetstormsecurity.com/files/153223/Moxa-AWK-3121-1.14-Information-Disclosure-Command-Execution.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://github.com/samuelhuntley/Moxa_AWK_1121/blob/master/Moxa_AWK_1121", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://seclists.org/bugtraq/2019/Jun/8", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://packetstormsecurity.com/files/153223/Moxa-AWK-3121-1.14-Information-Disclosure-Command-Execution.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/samuelhuntley/Moxa_AWK_1121/blob/master/Moxa_AWK_1121", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://seclists.org/bugtraq/2019/Jun/8", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-311"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered on Moxa AWK-3121 1.14 devices. The device provides a Wi-Fi connection that is open and does not use any encryption mechanism by default. An administrator who uses the open wireless connection to set up the device can allow an attacker to sniff the traffic passing between the user's computer and the device. This can allow an attacker to steal the credentials passing over the HTTP connection as well as TELNET traffic. Also an attacker can MITM the response and infect a user's computer very easily as well."}, {"lang": "es", "value": "Fue encontrado un problema en los dispositivos Moxa AWK-3121 versi\u00f3n 1.14. El dispositivo proporciona una conexi\u00f3n Wi-Fi que est\u00e1 abierta y no usa ning\u00fan mecanismo de cifrado por defecto. Un administrador que utiliza la conexi\u00f3n inal\u00e1mbrica abierta para configurar el dispositivo puede permitir que un atacante espiar el tr\u00e1fico que pasa entre el equipo del usuario y el dispositivo. Esto puede permitir que un atacante hurtar las credenciales que pasan sobre la conexi\u00f3n HTTP, as\u00ed como el tr\u00e1fico TELNET. Tambi\u00e9n un atacante puede activar un ataque MITM sobre la respuesta e infectar el ordenador de un usuario f\u00e1cilmente."}], "lastModified": "2024-11-21T03:41:51.967", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:moxa:awk-3121_firmware:1.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B93963CF-F5C4-4191-BEC1-E8DC3F8CCE2B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:moxa:awk-3121:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CB3CD92C-362A-4A96-A09E-F04476A9D854"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}