CVE-2016-8718 — Cross-Site Request Forgery in Awk-3131a Series Industrial Ieee 802.11a B G N Wireless AP Bridge Client

CWE-352 — Cross-Site Request Forgery3 documents3 sources

Severity

8.8HIGHNVD

EPSS

0.2%

top 63.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Moxa Awk-3131a Series Industrial Ieee 802.11a B G N Wireless AP Bridge Client Moxa Awk-3131a Firmware

Timeline

PublishedApr 12

Latest updateMay 13

Description

An exploitable Cross-Site Request Forgery vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted form can trick a client into making an unintentional request to the web server which will be treated as an authentic request.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5moxa/awk-3131a_series_industrial_ieee_802.11a_b_g_n_wireless_ap_bridge_client1.1

▶NVDmoxa/awk-3131a_firmware1.1

🔴Vulnerability Details

GHSA

GHSA-8r47-h8vp-gw7q: An exploitable Cross-Site Request Forgery vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running fi↗2022-05-13

▶

CVEList

CVE-2016-8718: An exploitable Cross-Site Request Forgery vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running fi↗2017-04-12

▶