Moxa Awk-3131A Firmware vulnerabilities

CVE-2016-8725 [MEDIUM] CWE-200 CVE-2016-8725: An exploitable information disclosure vulnerability exists in the Web Application functionality of t An exploitable information disclosure vulnerability exists in the Web Application functionality of the Moxa AWK-3131A wireless access point running firmware 1.1. Retrieving a specific URL without authentication can reveal sensitive information to an attacker.

CVE-2016-8720 [MEDIUM] CWE-74 CVE-2016-8720: An exploitable HTTP Header Injection vulnerability exists in the Web Application functionality of th An exploitable HTTP Header Injection vulnerability exists in the Web Application functionality of the Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted HTTP request can inject a payload in the bkpath parameter which will be copied in to Location header of the HTTP response.

CVE-2016-8722 [MEDIUM] CWE-200 CVE-2016-8722: An exploitable Information Disclosure vulnerability exists in the Web Application functionality of M An exploitable Information Disclosure vulnerability exists in the Web Application functionality of Moxa AWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client. Retrieving a specific URL without authentication can reveal sensitive information to an attacker.

CVE-2016-8716 [HIGH] CWE-640 CVE-2016-8716: An exploitable Cleartext Transmission of Password vulnerability exists in the Web Application functi An exploitable Cleartext Transmission of Password vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. The Change Password functionality of the Web Application transmits the password in cleartext. An attacker capable of intercepting this traffic is able to obtain valid credentials.

CVE-2016-8718 [HIGH] CWE-352 CVE-2016-8718: An exploitable Cross-Site Request Forgery vulnerability exists in the Web Application functionality An exploitable Cross-Site Request Forgery vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted form can trick a client into making an unintentional request to the web server which will be treated as an authentic request.

CVE-2016-8719 [MEDIUM] CWE-79 CVE-2016-8719: An exploitable reflected Cross-Site Scripting vulnerability exists in the Web Application functional An exploitable reflected Cross-Site Scripting vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Specially crafted input, in multiple parameters, can cause a malicious scripts to be executed by a victim.

CVE-2016-8363 [CRITICAL] CWE-264 CVE-2016-8363: An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Seri An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2 Series, WAC-2004 Series, AWK-3121-M12-RTG Series, AWK-3131-M12-RCC Series, AWK-5232-M12-RCC Series, TAP-6226 Series, AWK-3121/4121 Series, AWK-3131/4131 Series, and AWK-5222/6222 Series. User

CVE-2016-8362 [MEDIUM] CWE-287 CVE-2016-8362: An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Seri An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2 Series, WAC-2004 Series, AWK-3121-M12-RTG Series, AWK-3131-M12-RCC Series, AWK-5232-M12-RCC Series, TAP-6226 Series, AWK-3121/4121 Series, AWK-3131/4131 Series, and AWK-5222/6222 Series. Any us