CVE-2016-8717

CWE-798 — Hard-coded Credentials5 documents4 sources

Severity

9.8CRITICAL

EPSS

0.4%

top 42.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Talos Moxa Moxa Awk-3131a Firmware

Timeline

PublishedApr 2

Latest updateMay 13

Description

An exploitable Use of Hard-coded Credentials vulnerability exists in the Moxa AWK-3131A Wireless Access Point running firmware 1.1. The device operating system contains an undocumented, privileged (root) account with hard-coded credentials, giving attackers full control of affected devices.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDmoxa/awk-3131a_firmware1.1

▶CVEListV5talos/moxaMoxa AWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client 1.1

🔴Vulnerability Details

GHSA

GHSA-244f-3h24-62fj: An exploitable Use of Hard-coded Credentials vulnerability exists in the Moxa AWK-3131A Wireless Access Point running firmware 1↗2022-05-13

▶

CVEList

CVE-2016-8717: An exploitable Use of Hard-coded Credentials vulnerability exists in the Moxa AWK-3131A Wireless Access Point running firmware 1↗2018-04-02

▶

🕵️Threat Intelligence

Talos

Vulnerability Spotlight: Hard-coded Credential Flaw in Moxa ICS Wireless Access Points Identified and Fixed↗2017-04-21

▶