ID

VAR-201704-0964


CVE

CVE-2016-8712


TITLE

Moxa AWK-3131A Wireless AP Session expiration vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-008400

DESCRIPTION

An exploitable nonce reuse vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless AP running firmware 1.1. The device uses one nonce for all session authentication requests and only changes the nonce if the web application has been idle for 300 seconds. Moxa AWK-3131A Wireless AP contains a session expiration vulnerability. Information may be obtained or altered, and a service disruption (DoS) attack may be carried out. Moxa AWK-3131A Wireless Access Point is a wireless switch made by Moxa. Web Application is one of the network application modules. An attacker could exploit this vulnerability to gain access to a session token and use the token to log in.

Trust: 1.71

sources: NVD: CVE-2016-8712 // JVNDB: JVNDB-2016-008400 // VULHUB: VHN-97532

AFFECTED PRODUCTS

vendor: moxa, model: awk-3131a, scope: eq, version: 1.1

Trust: 2.4

sources: JVNDB: JVNDB-2016-008400 // CNNVD: CNNVD-201704-734 // NVD: CVE-2016-8712

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-8712
value: HIGH

Trust: 1.0

talos-cna@cisco.com: CVE-2016-8712
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-8712
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201704-734
value: HIGH

Trust: 0.6

VULHUB: VHN-97532
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-8712
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-97532
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-8712
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.1

Trust: 1.0

talos-cna@cisco.com: CVE-2016-8712
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.0

Trust: 1.0

NVD: CVE-2016-8712
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-97532 // JVNDB: JVNDB-2016-008400 // CNNVD: CNNVD-201704-734 // NVD: CVE-2016-8712 // NVD: CVE-2016-8712

PROBLEMTYPE DATA

problemtype:CWE-613

Trust: 1.9

sources: VULHUB: VHN-97532 // JVNDB: JVNDB-2016-008400 // NVD: CVE-2016-8712

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-734

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201704-734

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-008400

PATCH

title: AWK-3131A Series, url: http://www.moxa.com/product/AWK-3131A.htm

Trust: 0.8

title: TALOS-2016-0225, url: https://www.talosintelligence.com/reports/TALOS-2016-0225/

Trust: 0.8

title: Moxa AWK-3131A Wireless Access Point Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70217

Trust: 0.6

sources: JVNDB: JVNDB-2016-008400 // CNNVD: CNNVD-201704-734

EXTERNAL IDS

db: NVD, id: CVE-2016-8712

Trust: 2.5

db: TALOS, id: TALOS-2016-0225

Trust: 1.7

db: JVNDB, id: JVNDB-2016-008400

Trust: 0.8

db: CNNVD, id: CNNVD-201704-734

Trust: 0.7

db: SEEBUG, id: SSVID-96535

Trust: 0.1

db: VULHUB, id: VHN-97532

Trust: 0.1

sources: VULHUB: VHN-97532 // JVNDB: JVNDB-2016-008400 // CNNVD: CNNVD-201704-734 // NVD: CVE-2016-8712

REFERENCES

url: http://www.talosintelligence.com/reports/talos-2016-0225/

Trust: 1.7

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8712

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2016-8712

Trust: 0.8

sources: VULHUB: VHN-97532 // JVNDB: JVNDB-2016-008400 // CNNVD: CNNVD-201704-734 // NVD: CVE-2016-8712

SOURCES

db: VULHUB, id: VHN-97532
db: JVNDB, id: JVNDB-2016-008400
db: CNNVD, id: CNNVD-201704-734
db: NVD, id: CVE-2016-8712

LAST UPDATE DATE

2025-04-20T23:26:07.332000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-97532, date: 2022-12-13T00:00:00
db: JVNDB, id: JVNDB-2016-008400, date: 2017-05-17T00:00:00
db: CNNVD, id: CNNVD-201704-734, date: 2022-04-20T00:00:00
db: NVD, id: CVE-2016-8712, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: VULHUB, id: VHN-97532, date: 2017-04-13T00:00:00
db: JVNDB, id: JVNDB-2016-008400, date: 2017-05-17T00:00:00
db: CNNVD, id: CNNVD-201704-734, date: 2017-04-13T00:00:00
db: NVD, id: CVE-2016-8712, date: 2017-04-13T19:59:00.207