CVE-2016-8720 LOW

CVE-2016-8720

Vendor Moxa
Product AWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client
Published April 13, 2017
Last update August 6, 2024

CVSS base score

3.1/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

An exploitable HTTP Header Injection vulnerability exists in the Web Application functionality of the Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted HTTP request can inject a payload in the bkpath parameter which will be copied in to Location header of the HTTP response.

Key dates

02Disclosure timeline

April 13, 2017 CVE published
August 6, 2024 Record updated