CVE-2016-8712 - An exploitable nonce reuse vulnerability exists in the Web Application functionality of Moxa AWK-313

CVE-2016-8712

Summary

An exploitable nonce reuse vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless AP running firmware 1.1. The device uses one nonce for all session authentication requests and only changes the nonce if the web application has been idle for 300 seconds.

References

http://www.talosintelligence.com/reports/TALOS-2016-0225/

Vulnerable Configurations

cpe:2.3:o:moxa:awk-3131a_firmware:1.1:*:*:*:*:*:*:*
cpe:2.3:o:moxa:awk-3131a_firmware:1.1:*:*:*:*:*:*:*
cpe:2.3:h:moxa:awk-3131a:-:*:*:*:*:*:*:*
cpe:2.3:h:moxa:awk-3131a:-:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 13-12-2022 - 21:57)
Impact:
Exploitability:

CWE

CWE-613

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:N/A:N

refmap via4

misc

http://www.talosintelligence.com/reports/TALOS-2016-0225/

Last major update

13-12-2022 - 21:57

Published

13-04-2017 - 19:59

Last modified

13-12-2022 - 21:57