An issue was discovered on Moxa AWK-3121 1.14 devices. The device enables an unencrypted TELNET service by default. This allows an attacker who has been able to gain an MITM position to easily sniff the traffic between the device and the user. Also an attacker can easily connect to the TELNET daemon using the default credentials if they have not been changed by the user.
https://seclists.org/bugtraq/2019/Jun/8
https://github.com/samuelhuntley/Moxa_AWK_1121/blob/master/Moxa_AWK_1121