PT-2017-9762 · Moxa · Moxa Awk-3131A Wireless Access Point
Published: 2017-04-13 · Updated: 2022-12-13 · CVE-2016-8720
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Moxa AWK-3131A Wireless Access Point version 1.1
Description
An exploitable HTTP Header Injection issue exists in the Web Application functionality. A specially crafted HTTP request can inject a payload in the bkpath parameter, which will be copied into the Location header of the HTTP response.
Recommendations
For Moxa AWK-3131A Wireless Access Point version 1.1, consider restricting access to the Web Application functionality until a fix is available. As a temporary workaround, avoid using the bkpath parameter in HTTP requests to minimize the risk of exploitation.
Exploit
Fix
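The pattern in the Description, a request parameter copied unchanged into the Location header, shown beside a validated form. This is an added example, not Moxa's code and not part of the original advisory; only the bkpath name comes from the advisory, while the function names, the fallback target and the sample paths are assumptions.

```python
import re
from urllib.parse import unquote

# Allow-list for a same-site path with an optional query string. CR, LF, other
# control characters, spaces and quotes are outside the set and are rejected.
_SAFE_PATH = re.compile(r"/[A-Za-z0-9._~/\-]*(\?[A-Za-z0-9._~=&%\-]*)?")
DEFAULT_TARGET = "/"  # assumed fallback page


def naive_response(bkpath: str) -> bytes:
    """'Before' form: the parameter value is copied into Location unchanged."""
    return f"HTTP/1.1 302 Found\r\nLocation: {bkpath}\r\n\r\n".encode("latin-1")


def safe_target(bkpath: str) -> str:
    """Return bkpath only if it is a plain same-site path, else the default."""
    # Check the value as received and after one more decode, so an encoded
    # CR/LF that a later layer would decode is caught as well.
    for candidate in (bkpath, unquote(bkpath)):
        if candidate.startswith("//") or not _SAFE_PATH.fullmatch(candidate):
            return DEFAULT_TARGET
    return bkpath


def hardened_response(bkpath: str) -> bytes:
    """'After' form: only a validated target reaches the Location header."""
    target = safe_target(bkpath)
    return f"HTTP/1.1 302 Found\r\nLocation: {target}\r\n\r\n".encode("latin-1")


def header_names(response: bytes) -> list[str]:
    """Header field names as a client would parse them from the response head."""
    head = response.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    return [line.split(":", 1)[0] for line in head.split("\r\n")[1:]]
```

`fullmatch` is used instead of `match` with `$` because `$` also matches just before a trailing newline, which would let a value ending in a line feed through.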
Special Elements Injection
Weakness Enumeration
Related Identifiers
Affected Products
Moxa Awk-3131A Wireless Access Point