Details of VAR-201702-0071

ID

VAR-201702-0071

CVE

CVE-2016-8362

TITLE

plural Moxa OnCell Vulnerability in downloading log files in series products

Trust: 0.8

sources: JVNDB: JVNDB-2016-007996

DESCRIPTION

An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2 Series, WAC-2004 Series, AWK-3121-M12-RTG Series, AWK-3131-M12-RCC Series, AWK-5232-M12-RCC Series, TAP-6226 Series, AWK-3121/4121 Series, AWK-3131/4131 Series, and AWK-5222/6222 Series. Any user is able to download log files by accessing a specific URL. MOXAOnCell is an industrial grade IP gateway product. The MoxaOnCellSeries product verification bypass vulnerability allows an attacker to bypass the authentication mechanism and gain unauthorized access. Moxa OnCell Series products are prone to an authentication-bypass vulnerability and an OS command execution vulnerability. Moxa OnCellG3470A-LTE etc

Trust: 2.61

sources: NVD: CVE-2016-8362 // JVNDB: JVNDB-2016-007996 // CNVD: CNVD-2016-10731 // BID: 94092 // VULHUB: VHN-97182 // VULMON: CVE-2016-8362

IOT TAXONOMY

category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['network device']	sub_category:	LTE device	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2016-10731

AFFECTED PRODUCTS

vendor:	moxa	model:	oncellg3470a-lte	scope:	-	version:	-	Trust: 1.4
vendor:	moxa	model:	awk-3131a	scope:	lte	version:	10-31-2016	Trust: 1.0
vendor:	moxa	model:	awk-3191	scope:	lte	version:	05-30-2017	Trust: 1.0
vendor:	moxa	model:	wac-1001 v2	scope:	lte	version:	06-29-2017	Trust: 1.0
vendor:	moxa	model:	awk-1131a	scope:	lte	version:	10-31-2016	Trust: 1.0
vendor:	moxa	model:	awk-1121	scope:	lte	version:	06-29-2017	Trust: 1.0
vendor:	moxa	model:	awk-5232-m12-rcc	scope:	lte	version:	06-29-2017	Trust: 1.0
vendor:	moxa	model:	awk-1127	scope:	lte	version:	06-29-2017	Trust: 1.0
vendor:	moxa	model:	wac-2004	scope:	lte	version:	06-29-2017	Trust: 1.0
vendor:	moxa	model:	awk-4131a	scope:	lte	version:	10-31-2016	Trust: 1.0
vendor:	moxa	model:	oncellg3470a-lte	scope:	lte	version:	10-31-2016	Trust: 1.0
vendor:	moxa	model:	awk-5232	scope:	lte	version:	05-30-2017	Trust: 1.0
vendor:	moxa	model:	awk-3131-m12-rcc	scope:	lte	version:	06-29-2017	Trust: 1.0
vendor:	moxa	model:	awk-6232	scope:	lte	version:	05-30-2017	Trust: 1.0
vendor:	moxa	model:	awk-3121-m12-rtg	scope:	lte	version:	06-29-2017	Trust: 1.0
vendor:	moxa	model:	awk-1121	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	awk-1127	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	awk-1131a	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	awk-3121-m12-rtg	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	awk-3131-m12-rcc	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	awk-3131a	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	awk-3191	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	awk-4131a	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	awk-5232	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	awk-5232-m12-rcc	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	awk-6232	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	wac-1001 v2	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	wac-2004	scope:	-	version:	-	Trust: 0.8
vendor:	moxa	model:	awk-5222/6222 series	scope:	-	version:	-	Trust: 0.6
vendor:	moxa	model:	awk-3131/4131 series	scope:	-	version:	-	Trust: 0.6
vendor:	moxa	model:	awk-3121/4121 series	scope:	-	version:	-	Trust: 0.6
vendor:	moxa	model:	tap-6226 series	scope:	-	version:	-	Trust: 0.6
vendor:	moxa	model:	awk-5232-m12-rcc series	scope:	-	version:	-	Trust: 0.6
vendor:	moxa	model:	awk-3131-m12-rcc series	scope:	-	version:	-	Trust: 0.6
vendor:	moxa	model:	awk-3121-m12-rtg series	scope:	-	version:	-	Trust: 0.6
vendor:	moxa	model:	wac-2004 series	scope:	-	version:	-	Trust: 0.6
vendor:	moxa	model:	wac-1001 series	scope:	eq	version:	v2	Trust: 0.6
vendor:	moxa	model:	awk-1121/1127 series	scope:	-	version:	-	Trust: 0.6
vendor:	moxa	model:	awk-5232/6232 series	scope:	-	version:	-	Trust: 0.6
vendor:	moxa	model:	awk-3191 series	scope:	-	version:	-	Trust: 0.6
vendor:	moxa	model:	awk-1131a/3131a/4131a series	scope:	-	version:	-	Trust: 0.6
vendor:	moxa	model:	awk-1131a	scope:	eq	version:	10-31-2016	Trust: 0.6
vendor:	moxa	model:	awk-6232	scope:	eq	version:	05-30-2017	Trust: 0.6
vendor:	moxa	model:	oncellg3470a-lte	scope:	eq	version:	10-31-2016	Trust: 0.6
vendor:	moxa	model:	awk-5232	scope:	eq	version:	05-30-2017	Trust: 0.6
vendor:	moxa	model:	awk-5232-m12-rcc	scope:	eq	version:	06-29-2017	Trust: 0.6
vendor:	moxa	model:	awk-4131a	scope:	eq	version:	10-31-2016	Trust: 0.6
vendor:	moxa	model:	awk-3131a	scope:	eq	version:	10-31-2016	Trust: 0.6
vendor:	moxa	model:	awk-1121	scope:	eq	version:	06-29-2017	Trust: 0.6
vendor:	moxa	model:	awk-3131-m12-rcc	scope:	eq	version:	06-29-2017	Trust: 0.6
vendor:	moxa	model:	awk-3191	scope:	eq	version:	05-30-2017	Trust: 0.6
vendor:	moxa	model:	wac-2004	scope:	eq	version:	0	Trust: 0.3
vendor:	moxa	model:	wac-1001	scope:	eq	version:	v20	Trust: 0.3
vendor:	moxa	model:	tap-6226	scope:	eq	version:	0	Trust: 0.3
vendor:	moxa	model:	oncellg3470a-lte	scope:	eq	version:	0	Trust: 0.3
vendor:	moxa	model:	awk-6232	scope:	eq	version:	0	Trust: 0.3
vendor:	moxa	model:	awk-6222	scope:	eq	version:	0	Trust: 0.3
vendor:	moxa	model:	awk-5232-m12-rcc	scope:	eq	version:	0	Trust: 0.3
vendor:	moxa	model:	awk-5232	scope:	eq	version:	0	Trust: 0.3
vendor:	moxa	model:	awk-5222	scope:	eq	version:	0	Trust: 0.3
vendor:	moxa	model:	awk-4131a	scope:	eq	version:	0	Trust: 0.3
vendor:	moxa	model:	awk-4131	scope:	eq	version:	0	Trust: 0.3
vendor:	moxa	model:	awk-4121	scope:	eq	version:	0	Trust: 0.3
vendor:	moxa	model:	awk-3191	scope:	eq	version:	0	Trust: 0.3
vendor:	moxa	model:	awk-3131a	scope:	eq	version:	0	Trust: 0.3
vendor:	moxa	model:	awk-3131-m12-rcc	scope:	eq	version:	0	Trust: 0.3
vendor:	moxa	model:	awk-3131	scope:	eq	version:	0	Trust: 0.3
vendor:	moxa	model:	awk-3121-m12-rtg	scope:	eq	version:	0	Trust: 0.3
vendor:	moxa	model:	awk-3121	scope:	eq	version:	0	Trust: 0.3
vendor:	moxa	model:	awk-1131a	scope:	eq	version:	0	Trust: 0.3
vendor:	moxa	model:	awk-1127	scope:	eq	version:	0	Trust: 0.3
vendor:	moxa	model:	awk-1121	scope:	eq	version:	0	Trust: 0.3

sources: CNVD: CNVD-2016-10731 // BID: 94092 // JVNDB: JVNDB-2016-007996 // CNNVD: CNNVD-201611-108 // NVD: CVE-2016-8362

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-8362
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-8362
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2016-10731
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201611-108
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-97182
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2016-8362
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-8362
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2016-10731
severity:	MEDIUM
baseScore:	5.4
vectorString:	AV:N/AC:H/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	4.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-97182
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-8362
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2016-10731 // VULHUB: VHN-97182 // VULMON: CVE-2016-8362 // JVNDB: JVNDB-2016-007996 // CNNVD: CNNVD-201611-108 // NVD: CVE-2016-8362

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.9

sources: VULHUB: VHN-97182 // JVNDB: JVNDB-2016-007996 // NVD: CVE-2016-8362

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201611-108

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201611-108

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-007996

PATCH

title:	Top Page	url:	http://www.moxa.com/	Trust: 0.8
title:	MoxaOnCellSeries product verification patch to bypass vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/83636	Trust: 0.6
title:	Moxa OnCell Series product authentication bypass vulnerability fixes	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65334	Trust: 0.6
title:	Moxa OnCell Series product authentication bypass vulnerability fixes	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65481	Trust: 0.6

sources: CNVD: CNVD-2016-10731 // JVNDB: JVNDB-2016-007996 // CNNVD: CNNVD-201611-108

EXTERNAL IDS

db:	NVD	id:	CVE-2016-8362	Trust: 3.6
db:	ICS CERT	id:	ICSA-16-308-01	Trust: 2.9
db:	BID	id:	94092	Trust: 2.7
db:	JVNDB	id:	JVNDB-2016-007996	Trust: 0.8
db:	CNNVD	id:	CNNVD-201611-108	Trust: 0.7
db:	CNVD	id:	CNVD-2016-10731	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1
db:	VULHUB	id:	VHN-97182	Trust: 0.1
db:	VULMON	id:	CVE-2016-8362	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2016-10731 // VULHUB: VHN-97182 // VULMON: CVE-2016-8362 // BID: 94092 // JVNDB: JVNDB-2016-007996 // CNNVD: CNNVD-201611-108 // NVD: CVE-2016-8362

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-16-308-01	Trust: 3.0
url:	http://www.securityfocus.com/bid/94092	Trust: 2.4
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8362	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2016-8362	Trust: 0.8
url:	http://www.moxa.com/	Trust: 0.3
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/287.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

CREDITS

Maxim Rupp

Trust: 0.9

sources: BID: 94092 // CNNVD: CNNVD-201611-108

SOURCES

db:	OTHER	id:	-
db:	CNVD	id:	CNVD-2016-10731
db:	VULHUB	id:	VHN-97182
db:	VULMON	id:	CVE-2016-8362
db:	BID	id:	94092
db:	JVNDB	id:	JVNDB-2016-007996
db:	CNNVD	id:	CNNVD-201611-108
db:	NVD	id:	CVE-2016-8362

LAST UPDATE DATE

2025-04-20T20:47:21.301000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2016-10731	date:	2016-11-08T00:00:00
db:	VULHUB	id:	VHN-97182	date:	2017-03-16T00:00:00
db:	VULMON	id:	CVE-2016-8362	date:	2017-03-16T00:00:00
db:	BID	id:	94092	date:	2016-11-24T01:07:00
db:	JVNDB	id:	JVNDB-2016-007996	date:	2017-04-06T00:00:00
db:	CNNVD	id:	CNNVD-201611-108	date:	2016-11-08T00:00:00
db:	NVD	id:	CVE-2016-8362	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2016-10731	date:	2016-11-08T00:00:00
db:	VULHUB	id:	VHN-97182	date:	2017-02-13T00:00:00
db:	VULMON	id:	CVE-2016-8362	date:	2017-02-13T00:00:00
db:	BID	id:	94092	date:	2016-11-03T00:00:00
db:	JVNDB	id:	JVNDB-2016-007996	date:	2017-04-06T00:00:00
db:	CNNVD	id:	CNNVD-201611-108	date:	2016-11-08T00:00:00
db:	NVD	id:	CVE-2016-8362	date:	2017-02-13T21:59:01.050