CVE-2016-8712 MEDIUM

CVE-2016-8712

Vendor Moxa
Product AWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client
Published April 13, 2017
Last update August 6, 2024

CVSS base score

5.9/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

An exploitable nonce reuse vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless AP running firmware 1.1. The device uses one nonce for all session authentication requests and only changes the nonce if the web application has been idle for 300 seconds.

Key dates

02Disclosure timeline

April 13, 2017 CVE published
August 6, 2024 Record updated