Insecure Default Configuration Allows Sniffing and Data Compromise on Moxa AWK-3121 Devices

Insecure Default Configuration Allows Sniffing and Data Compromise on Moxa AWK-3121 Devices

CVE-2018-10690 · HIGH Severity

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

An issue was discovered on Moxa AWK-3121 1.14 devices. The device by default allows HTTP traffic thus providing an insecure communication mechanism for a user connecting to the web server. This allows an attacker to sniff the traffic easily and allows an attacker to compromise sensitive data such as credentials.

Learn more about our Web App Pen Testing.