Default Unencrypted TELNET Service on Moxa AWK-3121 1.14 Devices

Default Unencrypted TELNET Service on Moxa AWK-3121 1.14 Devices

CVE-2018-10698 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

An issue was discovered on Moxa AWK-3121 1.14 devices. The device enables an unencrypted TELNET service by default. This allows an attacker who has been able to gain an MITM position to easily sniff the traffic between the device and the user. Also an attacker can easily connect to the TELNET daemon using the default credentials if they have not been changed by the user.

Learn more about our User Device Pen Test.