CVE-2016-8712

CWE-613 — Insufficient Session Expiration3 documents3 sources

Severity

8.1HIGH

EPSS

0.4%

top 40.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Moxa Awk-3131a Series Industrial Ieee 802.11a/b/g/n Wireless Ap/bridge/client Moxa Awk-3131a Firmware

Timeline

PublishedApr 13

Latest updateMay 13

Description

An exploitable nonce reuse vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless AP running firmware 1.1. The device uses one nonce for all session authentication requests and only changes the nonce if the web application has been idle for 300 seconds.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages2 packages

▶NVDmoxa/awk-3131a_firmware1.1

▶CVEListV5moxa/awk-3131a_series_industrial_ieee_802.11a/b/g/n_wireless_ap/bridge/client1.1

🔴Vulnerability Details

GHSA

GHSA-6grp-3634-pjfg: An exploitable nonce reuse vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless AP running firmware 1↗2022-05-13

▶

CVEList

CVE-2016-8712: An exploitable nonce reuse vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless AP running firmware 1↗2017-04-13

▶