CVE-2016-8716Weak Password Recovery Mechanism for Forgotten Password in Awk-3131a Series Industrial Ieee 802.11a B G N Wireless AP Bridge Client

CWE-640Weak Password Recovery Mechanism for Forgotten Password3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.2%
top 60.54%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Moxa Awk-3131a Series Industrial Ieee 802.11a B G N Wireless AP Bridge ClientMoxa Awk-3131a Firmware
Timeline
PublishedApr 12
Latest updateMay 13

Description

An exploitable Cleartext Transmission of Password vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. The Change Password functionality of the Web Application transmits the password in cleartext. An attacker capable of intercepting this traffic is able to obtain valid credentials.

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-pr5m-wxj4-mr3r: An exploitable Cleartext Transmission of Password vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point ru2022-05-13
CVEList
CVE-2016-8716: An exploitable Cleartext Transmission of Password vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point ru2017-04-12
CVE-2016-8716 — HIGH severity | cvebase