How severe is CVE-2018-10694?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.1 out of 10.

What type of vulnerability is CVE-2018-10694?

This is classified as CWE-311, which is a common weakness in software security.

CVE-2018-10694

HIGH Year: 2018

CVSS v3 Score

8.1

High

CVSS v2 Score

4.3

Medium

Weakness Type

CWE-311

View all →

Vulnerability Description

An issue was discovered on Moxa AWK-3121 1.14 devices. The device provides a Wi-Fi connection that is open and does not use any encryption mechanism by default. An administrator who uses the open wireless connection to set up the device can allow an attacker to sniff the traffic passing between the user's computer and the device. This can allow an attacker to steal the credentials passing over the HTTP connection as well as TELNET traffic. Also an attacker can MITM the response and infect a user's computer very easily as well.

CVE-2016-10557

HIGH

CVSS:8.1(High)

appium-chromedriver is a Node.js wrapper around Chromedriver. Versions below 2.9.4 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause ...

CWE-3112016

CVE-2016-10558

HIGH

CVSS:8.1(High)

aerospike is an Aerospike add-on module for Node.js. aerospike versions below 2.4.2 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause...

CWE-3112016

CVE-2016-10559

HIGH

CVSS:8.1(High)

selenium-download downloads the latest versions of the selenium standalone server and the chromedriver. selenium-download before 2.0.7 downloads binary resources over HTTP, which leaves it vulnerable ...

CWE-3112016

CVE-2016-10560

HIGH

CVSS:8.1(High)

galenframework-cli is the node wrapper for the Galen Framework. galenframework-cli below 2.3.1 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to ca...

CWE-3112016

CVE-2016-10562

HIGH

CVSS:8.1(High)

iedriver is an NPM wrapper for Selenium IEDriver. iedriver versions below 3.0.0 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause rem...

CWE-3112016

CVE-2016-10563

HIGH

CVSS:8.1(High)

During the installation process, the go-ipfs-deps module before 0.4.4 insecurely downloads resources over HTTP. This allows for a MITM attack to compromise the integrity of the resources used by this ...

CWE-3112016

CVE-2018-10694

Vulnerability Description

Related Vulnerabilities

CVE-2016-10557

CVE-2016-10558

CVE-2016-10559

CVE-2016-10560

CVE-2016-10562

CVE-2016-10563