PT-2017-9755 · Moxa · Moxa Awk-3131A Wireless Ap
Published
2017-04-13
·
Updated
2022-12-14
·
CVE-2016-8712
CVSS v3.1
8.1
High
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Moxa AWK-3131A Wireless AP version 1.1
Description
An exploitable nonce reuse vulnerability exists in the Web Application functionality. The device uses one nonce for all session authentication requests and only changes the nonce if the web application has been idle for 300 seconds.
Recommendations
For Moxa AWK-3131A Wireless AP version 1.1, consider restricting access to the web application functionality until a fix is available, as a temporary workaround to minimize the risk of exploitation.
Exploit
Fix
Insufficient Session Expiration
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Moxa Awk-3131A Wireless Ap