Vulnerabilities (CVE)

Filtered by vendor Moxa Subscribe

Filtered by product Awk-3121 Firmware

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2018-10692	1 Moxa	2 Awk-3121, Awk-3121 Firmware	2019-06-10	4.3 MEDIUM	6.1 MEDIUM
An issue was discovered on Moxa AWK-3121 1.14 devices. The session cookie "Password508" does not have an HttpOnly flag. This allows an attacker who is able to execute a cross-site scripting attack to steal the cookie very easily.
CVE-2018-10700	1 Moxa	2 Awk-3121, Awk-3121 Firmware	2019-06-10	4.3 MEDIUM	6.1 MEDIUM
An issue was discovered on Moxa AWK-3121 1.19 devices. It provides functionality so that an administrator can change the name of the device. However, the same functionality allows an attacker to execute XSS by injecting an XSS payload. The POST parameter "iw_board_deviceName" is susceptible to this injection.