Sign-up

ID

VAR-201704-0965


CVE

CVE-2016-8716


TITLE

Moxa AWK-3131A Wireless AP Vulnerable to password management

Trust: 0.8

sources: JVNDB: JVNDB-2016-008401

DESCRIPTION

An exploitable Cleartext Transmission of Password vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. The Change Password functionality of the Web Application transmits the password in cleartext. An attacker capable of intercepting this traffic is able to obtain valid credentials. Moxa AWK-3131A Wireless AP Contains a vulnerability related to the password management function.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. MoxaAWK-3131AWirelessAccessPoint is a wireless switch from China's Moxa. WebApplication is one of the web application modules. A security vulnerability exists in the WebApplication feature in MoxaAWK-3131AWirelessAccessPoint using version 1.1 firmware, which is caused by the program transmitting passwords in clear text

Trust: 2.25

sources: NVD: CVE-2016-8716 // JVNDB: JVNDB-2016-008401 // CNVD: CNVD-2017-07350 // VULHUB: VHN-97536

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-07350

AFFECTED PRODUCTS

vendor:moxamodel:awk-3131ascope:eqversion:1.1

Trust: 2.4

vendor:moxamodel:awk-3131a wireless access pointscope:eqversion:1.1

Trust: 0.6

sources: CNVD: CNVD-2017-07350 // JVNDB: JVNDB-2016-008401 // CNNVD: CNNVD-201704-619 // NVD: CVE-2016-8716

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-8716
value: HIGH

Trust: 1.0

talos-cna@cisco.com: CVE-2016-8716
value: HIGH

Trust: 1.0

NVD: CVE-2016-8716
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-07350
value: LOW

Trust: 0.6

CNNVD: CNNVD-201704-619
value: HIGH

Trust: 0.6

VULHUB: VHN-97536
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2016-8716
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-07350
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-97536
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

talos-cna@cisco.com: CVE-2016-8716
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 5.9
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2016-8716
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2017-07350 // VULHUB: VHN-97536 // JVNDB: JVNDB-2016-008401 // CNNVD: CNNVD-201704-619 // NVD: CVE-2016-8716 // NVD: CVE-2016-8716

PROBLEMTYPE DATA

problemtype:CWE-640

Trust: 1.9

sources: VULHUB: VHN-97536 // JVNDB: JVNDB-2016-008401 // NVD: CVE-2016-8716

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201704-619

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201704-619

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-008401

PATCH
title:AWK-3131A Seriesurl:http://www.moxa.com/product/AWK-3131A.htm
Trust: 0.8
title:TALOS-2016-0230url:https://www.talosintelligence.com/reports/TALOS-2016-0230
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2016-008401

EXTERNAL IDS
db:NVDid:CVE-2016-8716
Trust: 3.1
db:TALOSid:TALOS-2016-0230
Trust: 2.3
db:JVNDBid:JVNDB-2016-008401
Trust: 0.8
db:CNNVDid:CNNVD-201704-619
Trust: 0.7
db:CNVDid:CNVD-2017-07350
Trust: 0.6
db:SEEBUGid:SSVID-96540
Trust: 0.1
db:VULHUBid:VHN-97536
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-07350 // 
            
            
            
            VULHUB: VHN-97536 // 
            
            
            
            JVNDB: JVNDB-2016-008401 // 
            
            
            
            CNNVD: CNNVD-201704-619 // 
            
            
            
            NVD: CVE-2016-8716

REFERENCES
url:http://www.talosintelligence.com/reports/talos-2016-0230
Trust: 2.3
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8716
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2016-8716
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2017-07350 // 
            
            
            
            VULHUB: VHN-97536 // 
            
            
            
            JVNDB: JVNDB-2016-008401 // 
            
            
            
            CNNVD: CNNVD-201704-619 // 
            
            
            
            NVD: CVE-2016-8716

SOURCES
db:CNVDid:CNVD-2017-07350
db:VULHUBid:VHN-97536
db:JVNDBid:JVNDB-2016-008401
db:CNNVDid:CNNVD-201704-619
db:NVDid:CVE-2016-8716

LAST UPDATE DATE
2025-04-20T23:32:59.274000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-07350date:2017-05-24T00:00:00
db:VULHUBid:VHN-97536date:2022-12-14T00:00:00
db:JVNDBid:JVNDB-2016-008401date:2017-05-17T00:00:00
db:CNNVDid:CNNVD-201704-619date:2022-04-20T00:00:00
db:NVDid:CVE-2016-8716date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-07350date:2017-05-24T00:00:00
db:VULHUBid:VHN-97536date:2017-04-12T00:00:00
db:JVNDBid:JVNDB-2016-008401date:2017-05-17T00:00:00
db:CNNVDid:CNNVD-201704-619date:2017-04-12T00:00:00
db:NVDid:CVE-2016-8716date:2017-04-12T19:59:00.163