CVE-2016-8720 — Injection in Awk-3131a Series Industrial Ieee 802.11a B G N Wireless AP Bridge Client

CWE-74 — Injection3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

1.2%

top 21.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Moxa Awk-3131a Series Industrial Ieee 802.11a B G N Wireless AP Bridge Client Moxa Awk-3131a Firmware

Timeline

PublishedApr 13

Latest updateMay 13

Description

An exploitable HTTP Header Injection vulnerability exists in the Web Application functionality of the Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted HTTP request can inject a payload in the bkpath parameter which will be copied in to Location header of the HTTP response.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶NVDmoxa/awk-3131a_firmware1.1

▶CVEListV5moxa/awk-3131a_series_industrial_ieee_802.11a_b_g_n_wireless_ap_bridge_client1.1

🔴Vulnerability Details

GHSA

GHSA-hq6q-jfv4-xqv9: An exploitable HTTP Header Injection vulnerability exists in the Web Application functionality of the Moxa AWK-3131A Wireless Access Point running fir↗2022-05-13

▶

CVEList

CVE-2016-8720: An exploitable HTTP Header Injection vulnerability exists in the Web Application functionality of the Moxa AWK-3131A Wireless Access Point running fir↗2017-04-13

▶