CVE-2018-10698

9.8 CRITICAL

📋 TL;DR

Moxa AWK-3121 devices version 1.14 have an unencrypted TELNET service enabled by default with default credentials. This allows attackers to intercept communications via man-in-the-middle attacks or directly access the device using known credentials. Organizations using these devices in their networks are affected.

💻 Affected Systems

Products:
  • Moxa AWK-3121
Versions: 1.14
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Devices are vulnerable out-of-the-box with default TELNET service enabled and default credentials.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device compromise leading to network infiltration, data exfiltration, and potential use as a pivot point for attacking other systems.

🟠 Likely Case

Unauthorized access to device configuration, credential harvesting, and potential command execution on the device.

🟢 If Mitigated

Limited to no impact if TELNET is disabled, credentials are changed, and proper network segmentation is implemented.

🌐 Internet-Facing: HIGH - Directly accessible TELNET service with default credentials presents immediate exploitation risk.
🏢 Internal Only: HIGH - Even internally, attackers with network access can exploit this vulnerability easily.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only TELNET access and knowledge of default credentials. Public proof-of-concept code exists.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified in available references

Vendor Advisory: Not found in provided references

Restart Required: No

Instructions:

Check Moxa's official security advisories for firmware updates. If available, download and apply the latest firmware following vendor instructions.

🔧 Temporary Workarounds

Disable TELNET service

all

Turn off the unencrypted TELNET service and use SSH instead if available.

telnet disable
service telnet stop

Change default credentials

all

Immediately change all default passwords on the device.

passwd admin
configure user password

🧯 If You Can't Patch

  • Network segmentation: Isolate AWK-3121 devices in separate VLANs with strict access controls.
  • Access control lists: Implement firewall rules to restrict TELNET access to authorized management networks only.

🔍 How to Verify

Check if Vulnerable:

Attempt TELNET connection to port 23 of the device using default credentials (admin/admin or similar).

Check Version:

show version or similar device-specific command to display firmware version

Verify Fix Applied:

Verify TELNET service is not running on port 23 and that default credentials no longer work.

📡 Detection & Monitoring

Log Indicators:

  • Failed TELNET authentication attempts
  • Successful TELNET logins from unexpected sources

Network Indicators:

  • TELNET traffic to AWK-3121 devices on port 23
  • Unusual outbound connections from AWK-3121 devices

SIEM Query:

dest_ip="AWK-3121_IP" AND (dest_port=23 OR protocol="TELNET")
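
The two network indicators above, written as detection logic over flow records. This is an added example, not part of the original advisory; the device addresses, management subnet, allowed outbound destinations and the flow-log format are all constructed assumptions.

```python
import ipaddress

# Assumed site values, constructed for illustration only.
AWK_DEVICES = {ipaddress.ip_address("10.20.0.11"), ipaddress.ip_address("10.20.0.12")}
MGMT_NETS = [ipaddress.ip_network("10.99.0.0/24")]             # authorized management network
ALLOWED_OUTBOUND = {(ipaddress.ip_address("10.99.0.5"), 514),  # syslog collector
                    (ipaddress.ip_address("10.99.0.6"), 123)}  # NTP server

# Constructed flow records, one per connection, keyed by initiator:
# "timestamp src_ip src_port dst_ip dst_port proto"
SAMPLE_FLOWS = """\
2024-01-10T08:00:01Z 10.99.0.20 51122 10.20.0.11 23 tcp
2024-01-10T08:03:17Z 10.30.4.77 40210 10.20.0.11 23 tcp
2024-01-10T08:03:45Z 10.20.0.11 39001 10.99.0.5 514 udp
2024-01-10T08:04:02Z 10.20.0.11 39544 203.0.113.50 4444 tcp
2024-01-10T08:05:00Z 10.30.4.77 40212 10.20.0.12 443 tcp
malformed line
"""

def classify(line):
    """Return (severity, reason) for one flow line, or None if benign or unparseable."""
    parts = line.split()
    if len(parts) != 6:
        return None
    try:
        src, dst = ipaddress.ip_address(parts[1]), ipaddress.ip_address(parts[3])
        dport = int(parts[4])
    except ValueError:
        return None
    # Indicator 1: TELNET traffic to an AWK-3121 on port 23.
    if dst in AWK_DEVICES and dport == 23 and parts[5] == "tcp":
        if any(src in net for net in MGMT_NETS):
            return ("warn", f"TELNET still in use from management host {src} to {dst}")
        return ("alert", f"TELNET to {dst} from unauthorized source {src}")
    # Indicator 2: outbound connection from an AWK-3121 to a destination not on the allowlist.
    if src in AWK_DEVICES and (dst, dport) not in ALLOWED_OUTBOUND:
        return ("alert", f"unexpected outbound connection {src} -> {dst}:{dport}")
    return None

def scan(text):
    """Classify every line and keep only the findings."""
    return [hit for hit in map(classify, text.splitlines()) if hit]

if __name__ == "__main__":
    for severity, reason in scan(SAMPLE_FLOWS):
        print(f"[{severity}] {reason}")
```

A "warn" result means the ACL workaround is holding but the TELNET service is still enabled on that device.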
