CVE-2016-8716 - OpenCVE

An exploitable Cleartext Transmission of Password vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. The Change Password functionality of the Web Application transmits the password in cleartext. An attacker capable of intercepting this traffic is able to obtain valid credentials.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:A/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Moxa	Awk-3131a Awk-3131a Firmware

Configuration 1 [-]

AND

cpe:2.3:o:moxa:awk-3131a_firmware:1.1:*:*:*:*:*:*:*

cpe:2.3:h:moxa:awk-3131a:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.talosintelligence.com/reports/TALOS-2016-0230

History

No history.

MITRE

Status: PUBLISHED

Assigner: talos

Published: 2017-04-12T19:00:00

Updated: 2024-08-06T02:27:41.291Z

Reserved: 2016-10-17T00:00:00

Link: CVE-2016-8716

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2017-04-12T19:59:00.163

Modified: 2022-12-14T13:50:05.507

Link: CVE-2016-8716

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "AWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client", "vendor": "Moxa", "versions": [{"status": "affected", "version": "1.1"}]}], "datePublic": "2017-04-10T00:00:00", "descriptions": [{"lang": "en", "value": "An exploitable Cleartext Transmission of Password vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. The Change Password functionality of the Web Application transmits the password in cleartext. An attacker capable of intercepting this traffic is able to obtain valid credentials."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Cleartext Transmission vulnerabilty", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-04-19T19:16:50", "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0230"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "talos-cna@cisco.com", "ID": "CVE-2016-8716", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "AWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client", "version": {"version_data": [{"version_value": "1.1"}]}}]}, "vendor_name": "Moxa"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An exploitable Cleartext Transmission of Password vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. The Change Password functionality of the Web Application transmits the password in cleartext. An attacker capable of intercepting this traffic is able to obtain valid credentials."}]}, "impact": {"cvss": {"baseScore": 7.5, "baseSeverity": "High", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Cleartext Transmission vulnerabilty"}]}]}, "references": {"reference_data": [{"name": "http://www.talosintelligence.com/reports/TALOS-2016-0230", "refsource": "MISC", "url": "http://www.talosintelligence.com/reports/TALOS-2016-0230"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T02:27:41.291Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0230"}]}]}, "cveMetadata": {"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "assignerShortName": "talos", "cveId": "CVE-2016-8716", "datePublished": "2017-04-12T19:00:00", "dateReserved": "2016-10-17T00:00:00", "dateUpdated": "2024-08-06T02:27:41.291Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:moxa:awk-3131a_firmware:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "DA62CFB0-5FF5-4468-8667-E87006FE9686", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:moxa:awk-3131a:-:*:*:*:*:*:*:*", "matchCriteriaId": "143AB2D7-E663-4F5D-A9EC-5E3A15B114E0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An exploitable Cleartext Transmission of Password vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. The Change Password functionality of the Web Application transmits the password in cleartext. An attacker capable of intercepting this traffic is able to obtain valid credentials."}, {"lang": "es", "value": "Existe una vulnerabilidad expl\u00edcita para Cleartext Transmission of Password en la funcionalidad de aplicaci\u00f3n Web del Moxa AWK-3131A Wireless Access Point que ejecuta el firmware 1.1. La funcionalidad Cambiar contrase\u00f1a de la aplicaci\u00f3n web transmite la contrase\u00f1a en texto sin cifrar. Un atacante capaz de interceptar este tr\u00e1fico es capaz de obtener credenciales v\u00e1lidas."}], "id": "CVE-2016-8716", "lastModified": "2022-12-14T13:50:05.507", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "talos-cna@cisco.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-04-12T19:59:00.163", "references": [{"source": "talos-cna@cisco.com", "tags": ["Exploit", "Mitigation", "Third Party Advisory"], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0230"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-640"}], "source": "nvd@nist.gov", "type": "Primary"}]}