Details of VAR-201704-0969

ID

VAR-201704-0969

CVE

CVE-2016-8721

TITLE

Moxa AWK-3131A Wireless Access Point Operating System Command Injection Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2017-11314 // CNNVD: CNNVD-201704-1078

DESCRIPTION

An exploitable OS Command Injection vulnerability exists in the web application 'ping' functionality of Moxa AWK-3131A Wireless Access Points running firmware 1.1. Specially crafted web form input can cause an OS Command Injection resulting in complete compromise of the vulnerable device. An attacker can exploit this vulnerability remotely. MoxaAWK-3131AWirelessAccessPoint is a wireless switch from China's Moxa

Trust: 2.25

sources: NVD: CVE-2016-8721 // JVNDB: JVNDB-2016-008475 // CNVD: CNVD-2017-11314 // VULHUB: VHN-97541

IOT TAXONOMY

category:

['ICS', 'Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-11314

AFFECTED PRODUCTS

vendor:	moxa	model:	awk-3131a	scope:	eq	version:	1.1	Trust: 2.4
vendor:	moxa	model:	awk-3131a wireless access point	scope:	eq	version:	1.1	Trust: 0.6

sources: CNVD: CNVD-2017-11314 // JVNDB: JVNDB-2016-008475 // CNNVD: CNNVD-201704-1078 // NVD: CVE-2016-8721

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-8721
value:	CRITICAL
Trust: 1.0
talos-cna@cisco.com:	CVE-2016-8721
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2016-8721
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2017-11314
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201704-1078
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-97541
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2016-8721
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-11314
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-97541
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

talos-cna@cisco.com:	CVE-2016-8721
baseSeverity:	CRITICAL
baseScore:	9.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.3
impactScore:	6.0
version:	3.0
Trust: 1.8
nvd@nist.gov:	CVE-2016-8721
baseSeverity:	CRITICAL
baseScore:	9.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.3
impactScore:	6.0
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2017-11314 // VULHUB: VHN-97541 // JVNDB: JVNDB-2016-008475 // CNNVD: CNNVD-201704-1078 // NVD: CVE-2016-8721 // NVD: CVE-2016-8721

PROBLEMTYPE DATA

problemtype:

CWE-78

Trust: 1.9

sources: VULHUB: VHN-97541 // JVNDB: JVNDB-2016-008475 // NVD: CVE-2016-8721

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-1078

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201704-1078

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-008475

PATCH

title:

AWK-3131A Series

url:

http://www.moxa.com/product/AWK-3131A.htm

Trust: 0.8

sources: JVNDB: JVNDB-2016-008475

EXTERNAL IDS

db:	NVD	id:	CVE-2016-8721	Trust: 3.1
db:	TALOS	id:	TALOS-2016-0235	Trust: 3.1
db:	JVNDB	id:	JVNDB-2016-008475	Trust: 0.8
db:	CNNVD	id:	CNNVD-201704-1078	Trust: 0.7
db:	CNVD	id:	CNVD-2017-11314	Trust: 0.6
db:	SEEBUG	id:	SSVID-96530	Trust: 0.1
db:	VULHUB	id:	VHN-97541	Trust: 0.1

sources: CNVD: CNVD-2017-11314 // VULHUB: VHN-97541 // JVNDB: JVNDB-2016-008475 // CNNVD: CNNVD-201704-1078 // NVD: CVE-2016-8721

REFERENCES

url:	http://www.talosintelligence.com/reports/talos-2016-0235/	Trust: 3.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8721	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2016-8721	Trust: 0.8

sources: CNVD: CNVD-2017-11314 // VULHUB: VHN-97541 // JVNDB: JVNDB-2016-008475 // CNNVD: CNNVD-201704-1078 // NVD: CVE-2016-8721

SOURCES

db:	CNVD	id:	CNVD-2017-11314
db:	VULHUB	id:	VHN-97541
db:	JVNDB	id:	JVNDB-2016-008475
db:	CNNVD	id:	CNNVD-201704-1078
db:	NVD	id:	CVE-2016-8721

LAST UPDATE DATE

2025-04-20T23:42:14.400000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-11314	date:	2017-06-26T00:00:00
db:	VULHUB	id:	VHN-97541	date:	2022-12-13T00:00:00
db:	JVNDB	id:	JVNDB-2016-008475	date:	2017-05-22T00:00:00
db:	CNNVD	id:	CNNVD-201704-1078	date:	2022-04-20T00:00:00
db:	NVD	id:	CVE-2016-8721	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-11314	date:	2017-06-26T00:00:00
db:	VULHUB	id:	VHN-97541	date:	2017-04-20T00:00:00
db:	JVNDB	id:	JVNDB-2016-008475	date:	2017-05-22T00:00:00
db:	CNNVD	id:	CNNVD-201704-1078	date:	2017-04-20T00:00:00
db:	NVD	id:	CVE-2016-8721	date:	2017-04-20T18:59:01.577