Search

Find a vulnerability

Search criteria

    28 vulnerabilities found for awk-3131a by moxa

    VAR-201704-0969

    Vulnerability from variot - Updated: 2025-04-20 23:42

    An exploitable OS Command Injection vulnerability exists in the web application 'ping' functionality of Moxa AWK-3131A Wireless Access Points running firmware 1.1. Specially crafted web form input can cause an OS Command Injection resulting in complete compromise of the vulnerable device. An attacker can exploit this vulnerability remotely. MoxaAWK-3131AWirelessAccessPoint is a wireless switch from China's Moxa

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201704-0969",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "awk-3131a",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "moxa",
            "version": "1.1"
          },
          {
            "model": "awk-3131a wireless access point",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "1.1"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-11314"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008475"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1078"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8721"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:moxa:awk-3131a_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008475"
          }
        ]
      },
      "cve": "CVE-2016-8721",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2016-8721",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2017-11314",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "VHN-97541",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.3,
                "id": "CVE-2016-8721",
                "impactScore": 6.0,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.3,
                "id": "CVE-2016-8721",
                "impactScore": 6.0,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2016-8721",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2016-8721",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2016-8721",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-11314",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201704-1078",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-97541",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-11314"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97541"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008475"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1078"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8721"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8721"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An exploitable OS Command Injection vulnerability exists in the web application \u0027ping\u0027 functionality of Moxa AWK-3131A Wireless Access Points running firmware 1.1. Specially crafted web form input can cause an OS Command Injection resulting in complete compromise of the vulnerable device. An attacker can exploit this vulnerability remotely. MoxaAWK-3131AWirelessAccessPoint is a wireless switch from China\u0027s Moxa",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-8721"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008475"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-11314"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97541"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-8721",
            "trust": 3.1
          },
          {
            "db": "TALOS",
            "id": "TALOS-2016-0235",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008475",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1078",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-11314",
            "trust": 0.6
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-96530",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-97541",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-11314"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97541"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008475"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1078"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8721"
          }
        ]
      },
      "id": "VAR-201704-0969",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-11314"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97541"
          }
        ],
        "trust": 1.49117647
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-11314"
          }
        ]
      },
      "last_update_date": "2025-04-20T23:42:14.400000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "AWK-3131A Series",
            "trust": 0.8,
            "url": "http://www.moxa.com/product/AWK-3131A.htm"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008475"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-97541"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008475"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8721"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "http://www.talosintelligence.com/reports/talos-2016-0235/"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8721"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8721"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-11314"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97541"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008475"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1078"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8721"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-11314"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97541"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008475"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1078"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8721"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-06-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-11314"
          },
          {
            "date": "2017-04-20T00:00:00",
            "db": "VULHUB",
            "id": "VHN-97541"
          },
          {
            "date": "2017-05-22T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-008475"
          },
          {
            "date": "2017-04-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201704-1078"
          },
          {
            "date": "2017-04-20T18:59:01.577000",
            "db": "NVD",
            "id": "CVE-2016-8721"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-06-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-11314"
          },
          {
            "date": "2022-12-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-97541"
          },
          {
            "date": "2017-05-22T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-008475"
          },
          {
            "date": "2022-04-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201704-1078"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2016-8721"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1078"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Moxa AWK-3131A Wireless Access Point Operating System Command Injection Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-11314"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1078"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system commend injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1078"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201704-0970

    Vulnerability from variot - Updated: 2025-04-20 23:40

    An exploitable Information Disclosure vulnerability exists in the Web Application functionality of Moxa AWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client. Retrieving a specific URL without authentication can reveal sensitive information to an attacker. Moxa AWK-3131AP Contains an information disclosure vulnerability.Information may be obtained. MoxaAWK-3131A is a wireless access device from Moxa. An information disclosure vulnerability exists in the WebApplication feature of MoxaAWK-3131A in version 1.1 firmware

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201704-0970",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "awk-3131a",
            "scope": "eq",
            "trust": 3.0,
            "vendor": "moxa",
            "version": "1.1"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-33746"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008405"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-732"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8722"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:moxa:awk-3131a_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008405"
          }
        ]
      },
      "cve": "CVE-2016-8722",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2016-8722",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2017-33746",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-97542",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 3.9,
                "id": "CVE-2016-8722",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 3.9,
                "id": "CVE-2016-8722",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2016-8722",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2016-8722",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2016-8722",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-33746",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201704-732",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-97542",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-33746"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97542"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008405"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-732"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8722"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8722"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An exploitable Information Disclosure vulnerability exists in the Web Application functionality of Moxa AWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client. Retrieving a specific URL without authentication can reveal sensitive information to an attacker. Moxa AWK-3131AP Contains an information disclosure vulnerability.Information may be obtained. MoxaAWK-3131A is a wireless access device from Moxa. An information disclosure vulnerability exists in the WebApplication feature of MoxaAWK-3131A in version 1.1 firmware",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-8722"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008405"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-33746"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97542"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-8722",
            "trust": 3.1
          },
          {
            "db": "TALOS",
            "id": "TALOS-2016-0236",
            "trust": 2.3
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008405",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-732",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-33746",
            "trust": 0.6
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-96536",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-97542",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-33746"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97542"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008405"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-732"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8722"
          }
        ]
      },
      "id": "VAR-201704-0970",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-33746"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97542"
          }
        ],
        "trust": 1.28235294
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-33746"
          }
        ]
      },
      "last_update_date": "2025-04-20T23:40:09.803000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "AWK-3131A Series",
            "trust": 0.8,
            "url": "http://www.moxa.com/product/AWK-3131A.htm"
          },
          {
            "title": "TALOS-2016-0236",
            "trust": 0.8,
            "url": "https://www.talosintelligence.com/reports/TALOS-2016-0236/"
          },
          {
            "title": "MoxaAWK-3131ASeriesIndustrialIEEE Information Disclosure Vulnerability Patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/105993"
          },
          {
            "title": "Moxa AWK-3131A Series Industrial IEEE Repair measures for information disclosure vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=190025"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-33746"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008405"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-732"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-200",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-97542"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008405"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8722"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.3,
            "url": "http://www.talosintelligence.com/reports/talos-2016-0236/"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8722"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8722"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-33746"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97542"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008405"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-732"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8722"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-33746"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97542"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008405"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-732"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8722"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-11-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-33746"
          },
          {
            "date": "2017-04-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-97542"
          },
          {
            "date": "2017-05-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-008405"
          },
          {
            "date": "2017-04-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201704-732"
          },
          {
            "date": "2017-04-13T19:59:00.270000",
            "db": "NVD",
            "id": "CVE-2016-8722"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-11-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-33746"
          },
          {
            "date": "2022-12-14T00:00:00",
            "db": "VULHUB",
            "id": "VHN-97542"
          },
          {
            "date": "2017-05-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-008405"
          },
          {
            "date": "2022-04-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201704-732"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2016-8722"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-732"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Moxa AWK-3131A Series Industrial IEEE Information Disclosure Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-33746"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-732"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "information disclosure",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-732"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201704-0966

    Vulnerability from variot - Updated: 2025-04-20 23:38

    An exploitable Cross-Site Request Forgery vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted form can trick a client into making an unintentional request to the web server which will be treated as an authentic request. MoxaAWK-3131AWirelessAccessPoint is a wireless switch from China's Moxa. A remote attacker could exploit this vulnerability to perform unauthorized operations

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201704-0966",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "awk-3131a",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "moxa",
            "version": "1.1"
          },
          {
            "model": "awk-3131a wireless access point",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "1.1"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-07351"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008402"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-618"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8718"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:moxa:awk-3131a_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008402"
          }
        ]
      },
      "cve": "CVE-2016-8718",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2016-8718",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2017-07351",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-97538",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2016-8718",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.6,
                "id": "CVE-2016-8718",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2016-8718",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2016-8718",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2016-8718",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2016-8718",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-07351",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201704-618",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-97538",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-07351"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97538"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008402"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-618"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8718"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8718"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An exploitable Cross-Site Request Forgery vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted form can trick a client into making an unintentional request to the web server which will be treated as an authentic request. MoxaAWK-3131AWirelessAccessPoint is a wireless switch from China\u0027s Moxa. A remote attacker could exploit this vulnerability to perform unauthorized operations",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-8718"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008402"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-07351"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97538"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-8718",
            "trust": 3.1
          },
          {
            "db": "TALOS",
            "id": "TALOS-2016-0232",
            "trust": 2.3
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008402",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-618",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-07351",
            "trust": 0.6
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-96541",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-97538",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-07351"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97538"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008402"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-618"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8718"
          }
        ]
      },
      "id": "VAR-201704-0966",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-07351"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97538"
          }
        ],
        "trust": 1.49117647
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-07351"
          }
        ]
      },
      "last_update_date": "2025-04-20T23:38:32.138000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "AWK-3131A Series",
            "trust": 0.8,
            "url": "http://www.moxa.com/product/AWK-3131A.htm"
          },
          {
            "title": "TALOS-2016-0232",
            "trust": 0.8,
            "url": "https://www.talosintelligence.com/reports/TALOS-2016-0232/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008402"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-352",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-97538"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008402"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8718"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.3,
            "url": "http://www.talosintelligence.com/reports/talos-2016-0232/"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8718"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8718"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-07351"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97538"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008402"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-618"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8718"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-07351"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97538"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008402"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-618"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8718"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-05-24T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-07351"
          },
          {
            "date": "2017-04-12T00:00:00",
            "db": "VULHUB",
            "id": "VHN-97538"
          },
          {
            "date": "2017-05-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-008402"
          },
          {
            "date": "2017-04-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201704-618"
          },
          {
            "date": "2017-04-12T19:59:00.193000",
            "db": "NVD",
            "id": "CVE-2016-8718"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-05-24T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-07351"
          },
          {
            "date": "2022-12-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-97538"
          },
          {
            "date": "2017-05-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-008402"
          },
          {
            "date": "2022-04-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201704-618"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2016-8718"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-618"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Moxa AWK-3131A Wireless Access Point Cross-Site Request Forgery Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-07351"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-618"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "cross-site request forgery",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-618"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201704-0971

    Vulnerability from variot - Updated: 2025-04-20 23:37

    An exploitable null pointer dereference exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Any HTTP GET request not preceded by an '/' will cause a segmentation fault in the web server. An attacker can send any of a multitude of potentially unexpected HTTP get requests to trigger this vulnerability. MoxaAWK-3131AWirelessAccessPoint is a wireless switch from China's Moxa. WebApplication is one of the web application modules. An HTTP denial of service vulnerability exists in the WebApplication feature of MoxaAWK-3131AWirelessAccessPoint using version 1.1 firmware. There is no..

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201704-0971",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "awk-3131a",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "moxa",
            "version": "1.1"
          },
          {
            "model": "awk-3131a wireless access point",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "1.1"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-07353"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008406"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-731"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8723"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:moxa:awk-3131a_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008406"
          }
        ]
      },
      "cve": "CVE-2016-8723",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2016-8723",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2017-07353",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-97543",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2016-8723",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2016-8723",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2016-8723",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2016-8723",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2016-8723",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-07353",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201704-731",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-97543",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-07353"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97543"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008406"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-731"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8723"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8723"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An exploitable null pointer dereference exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Any HTTP GET request not preceded by an \u0027/\u0027 will cause a segmentation fault in the web server. An attacker can send any of a multitude of potentially unexpected HTTP get requests to trigger this vulnerability. MoxaAWK-3131AWirelessAccessPoint is a wireless switch from China\u0027s Moxa. WebApplication is one of the web application modules. An HTTP denial of service vulnerability exists in the WebApplication feature of MoxaAWK-3131AWirelessAccessPoint using version 1.1 firmware. There is no..",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-8723"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008406"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-07353"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97543"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-8723",
            "trust": 3.1
          },
          {
            "db": "TALOS",
            "id": "TALOS-2016-0237",
            "trust": 2.3
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008406",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-07353",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-731",
            "trust": 0.6
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-96539",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-97543",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-07353"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97543"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008406"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-731"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8723"
          }
        ]
      },
      "id": "VAR-201704-0971",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-07353"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97543"
          }
        ],
        "trust": 1.49117647
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-07353"
          }
        ]
      },
      "last_update_date": "2025-04-20T23:37:56.770000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "AWK-3131A Series",
            "trust": 0.8,
            "url": "http://www.moxa.com/product/AWK-3131A.htm"
          },
          {
            "title": "TALOS-2016-0237",
            "trust": 0.8,
            "url": "https://www.talosintelligence.com/reports/TALOS-2016-0237/"
          },
          {
            "title": "MoxaAWK-3131AWirelessAccessPoint HTTP Denial of Service Vulnerability Patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/94156"
          },
          {
            "title": "Moxa AWK-3131A Wireless Access Point Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70215"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-07353"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008406"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-731"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-476",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-97543"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008406"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8723"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.3,
            "url": "http://www.talosintelligence.com/reports/talos-2016-0237/"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8723"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8723"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-07353"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97543"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008406"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-731"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8723"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-07353"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97543"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008406"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-731"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8723"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-05-24T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-07353"
          },
          {
            "date": "2017-04-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-97543"
          },
          {
            "date": "2017-05-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-008406"
          },
          {
            "date": "2017-04-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201704-731"
          },
          {
            "date": "2017-04-13T19:59:00.317000",
            "db": "NVD",
            "id": "CVE-2016-8723"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-05-24T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-07353"
          },
          {
            "date": "2022-12-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-97543"
          },
          {
            "date": "2017-05-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-008406"
          },
          {
            "date": "2022-04-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201704-731"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2016-8723"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-731"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Moxa AWK-3131A Wireless AP In  NULL Pointer dereference vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008406"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "code problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-731"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201704-0967

    Vulnerability from variot - Updated: 2025-04-20 23:36

    An exploitable reflected Cross-Site Scripting vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Specially crafted input, in multiple parameters, can cause a malicious scripts to be executed by a victim. Moxa AWK-3131A Wireless AP Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. MoxaAWK-3131AWirelessAccessPoint is a wireless switch from China's Moxa. WebApplication is one of the web application modules

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201704-0967",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "awk-3131a",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "moxa",
            "version": "1.1"
          },
          {
            "model": "awk-3131a wireless access point",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "1.1"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-07352"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008403"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-617"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8719"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:moxa:awk-3131a_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008403"
          }
        ]
      },
      "cve": "CVE-2016-8719",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2016-8719",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2017-07352",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-97539",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "id": "CVE-2016-8719",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.6,
                "id": "CVE-2016-8719",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.1,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2016-8719",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2016-8719",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2016-8719",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2016-8719",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-07352",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201704-617",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-97539",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-07352"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97539"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008403"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-617"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8719"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8719"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An exploitable reflected Cross-Site Scripting vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Specially crafted input, in multiple parameters, can cause a malicious scripts to be executed by a victim. Moxa AWK-3131A Wireless AP Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. MoxaAWK-3131AWirelessAccessPoint is a wireless switch from China\u0027s Moxa. WebApplication is one of the web application modules",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-8719"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008403"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-07352"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97539"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-8719",
            "trust": 3.1
          },
          {
            "db": "TALOS",
            "id": "TALOS-2016-0233",
            "trust": 2.3
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008403",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-617",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-07352",
            "trust": 0.6
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-96533",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-97539",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-07352"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97539"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008403"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-617"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8719"
          }
        ]
      },
      "id": "VAR-201704-0967",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-07352"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97539"
          }
        ],
        "trust": 1.49117647
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-07352"
          }
        ]
      },
      "last_update_date": "2025-04-20T23:36:55.425000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "AWK-3131A Series",
            "trust": 0.8,
            "url": "http://www.moxa.com/product/AWK-3131A.htm"
          },
          {
            "title": "TALOS-2016-0232",
            "trust": 0.8,
            "url": "https://www.talosintelligence.com/reports/TALOS-2016-0232/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008403"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-97539"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008403"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8719"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.3,
            "url": "http://www.talosintelligence.com/reports/talos-2016-0233/"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8719"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8719"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-07352"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97539"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008403"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-617"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8719"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-07352"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97539"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008403"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-617"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8719"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-05-24T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-07352"
          },
          {
            "date": "2017-04-12T00:00:00",
            "db": "VULHUB",
            "id": "VHN-97539"
          },
          {
            "date": "2017-05-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-008403"
          },
          {
            "date": "2017-04-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201704-617"
          },
          {
            "date": "2017-04-12T19:59:00.227000",
            "db": "NVD",
            "id": "CVE-2016-8719"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-05-24T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-07352"
          },
          {
            "date": "2022-12-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-97539"
          },
          {
            "date": "2017-05-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-008403"
          },
          {
            "date": "2022-04-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201704-617"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2016-8719"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-617"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Moxa AWK-3131A Wireless Access Point Cross-Site Scripting Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-07352"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-617"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-617"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201704-0965

    Vulnerability from variot - Updated: 2025-04-20 23:32

    An exploitable Cleartext Transmission of Password vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. The Change Password functionality of the Web Application transmits the password in cleartext. An attacker capable of intercepting this traffic is able to obtain valid credentials. Moxa AWK-3131A Wireless AP Contains a vulnerability related to the password management function.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. MoxaAWK-3131AWirelessAccessPoint is a wireless switch from China's Moxa. WebApplication is one of the web application modules. A security vulnerability exists in the WebApplication feature in MoxaAWK-3131AWirelessAccessPoint using version 1.1 firmware, which is caused by the program transmitting passwords in clear text

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201704-0965",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "awk-3131a",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "moxa",
            "version": "1.1"
          },
          {
            "model": "awk-3131a wireless access point",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "1.1"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-07350"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008401"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-619"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8716"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:moxa:awk-3131a_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008401"
          }
        ]
      },
      "cve": "CVE-2016-8716",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.5,
                "id": "CVE-2016-8716",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 1.8,
                "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.5,
                "id": "CNVD-2017-07350",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 0.6,
                "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 3.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.5,
                "id": "VHN-97536",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 0.1,
                "vectorString": "AV:A/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.6,
                "id": "CVE-2016-8716",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.6,
                "id": "CVE-2016-8716",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2016-8716",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2016-8716",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2016-8716",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-07350",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201704-619",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-97536",
                "trust": 0.1,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-07350"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97536"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008401"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-619"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8716"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8716"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An exploitable Cleartext Transmission of Password vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. The Change Password functionality of the Web Application transmits the password in cleartext. An attacker capable of intercepting this traffic is able to obtain valid credentials. Moxa AWK-3131A Wireless AP Contains a vulnerability related to the password management function.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. MoxaAWK-3131AWirelessAccessPoint is a wireless switch from China\u0027s Moxa. WebApplication is one of the web application modules. A security vulnerability exists in the WebApplication feature in MoxaAWK-3131AWirelessAccessPoint using version 1.1 firmware, which is caused by the program transmitting passwords in clear text",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-8716"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008401"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-07350"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97536"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-8716",
            "trust": 3.1
          },
          {
            "db": "TALOS",
            "id": "TALOS-2016-0230",
            "trust": 2.3
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008401",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-619",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-07350",
            "trust": 0.6
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-96540",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-97536",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-07350"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97536"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008401"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-619"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8716"
          }
        ]
      },
      "id": "VAR-201704-0965",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-07350"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97536"
          }
        ],
        "trust": 1.49117647
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-07350"
          }
        ]
      },
      "last_update_date": "2025-04-20T23:32:59.274000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "AWK-3131A Series",
            "trust": 0.8,
            "url": "http://www.moxa.com/product/AWK-3131A.htm"
          },
          {
            "title": "TALOS-2016-0230",
            "trust": 0.8,
            "url": "https://www.talosintelligence.com/reports/TALOS-2016-0230"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008401"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-640",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-97536"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008401"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8716"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.3,
            "url": "http://www.talosintelligence.com/reports/talos-2016-0230"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8716"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8716"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-07350"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97536"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008401"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-619"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8716"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-07350"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97536"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008401"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-619"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8716"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-05-24T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-07350"
          },
          {
            "date": "2017-04-12T00:00:00",
            "db": "VULHUB",
            "id": "VHN-97536"
          },
          {
            "date": "2017-05-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-008401"
          },
          {
            "date": "2017-04-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201704-619"
          },
          {
            "date": "2017-04-12T19:59:00.163000",
            "db": "NVD",
            "id": "CVE-2016-8716"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-05-24T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-07350"
          },
          {
            "date": "2022-12-14T00:00:00",
            "db": "VULHUB",
            "id": "VHN-97536"
          },
          {
            "date": "2017-05-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-008401"
          },
          {
            "date": "2022-04-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201704-619"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2016-8716"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote or local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-619"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Moxa AWK-3131A Wireless AP Vulnerable to password management",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008401"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "authorization issue",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-619"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201704-0968

    Vulnerability from variot - Updated: 2025-04-20 23:27

    An exploitable HTTP Header Injection vulnerability exists in the Web Application functionality of the Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted HTTP request can inject a payload in the bkpath parameter which will be copied in to Location header of the HTTP response. Moxa AWK-3131A Wireless AP Contains an injection vulnerability.Information may be tampered with. Moxa AWK-3131A Wireless Access Point is a wireless switch made by Moxa. Web Application is one of the network application modules

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201704-0968",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "awk-3131a",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "moxa",
            "version": "1.1"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008404"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-733"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8720"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:moxa:awk-3131a_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008404"
          }
        ]
      },
      "cve": "CVE-2016-8720",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2016-8720",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-97540",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.8,
                "id": "CVE-2016-8720",
                "impactScore": 1.4,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "NONE",
                "baseScore": 3.1,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 1.6,
                "id": "CVE-2016-8720",
                "impactScore": 1.4,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2016-8720",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2016-8720",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2016-8720",
                "trust": 1.0,
                "value": "LOW"
              },
              {
                "author": "NVD",
                "id": "CVE-2016-8720",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201704-733",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-97540",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-97540"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008404"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-733"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8720"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8720"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An exploitable HTTP Header Injection vulnerability exists in the Web Application functionality of the Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted HTTP request can inject a payload in the bkpath parameter which will be copied in to Location header of the HTTP response. Moxa AWK-3131A Wireless AP Contains an injection vulnerability.Information may be tampered with. Moxa AWK-3131A Wireless Access Point is a wireless switch made by Moxa. Web Application is one of the network application modules",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-8720"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008404"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97540"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-8720",
            "trust": 2.5
          },
          {
            "db": "TALOS",
            "id": "TALOS-2016-0234",
            "trust": 1.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008404",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-733",
            "trust": 0.7
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-96538",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-97540",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-97540"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008404"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-733"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8720"
          }
        ]
      },
      "id": "VAR-201704-0968",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-97540"
          }
        ],
        "trust": 0.68235294
      },
      "last_update_date": "2025-04-20T23:27:26.057000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "AWK-3131A Series",
            "trust": 0.8,
            "url": "http://www.moxa.com/product/AWK-3131A.htm"
          },
          {
            "title": "TALOS-2016-0234",
            "trust": 0.8,
            "url": "https://www.talosintelligence.com/reports/TALOS-2016-0234/"
          },
          {
            "title": "Moxa AWK-3131A Wireless Access Point Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70216"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008404"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-733"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-74",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-97540"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008404"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8720"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "http://www.talosintelligence.com/reports/talos-2016-0234/"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8720"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8720"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-97540"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008404"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-733"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8720"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-97540"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008404"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-733"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8720"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-04-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-97540"
          },
          {
            "date": "2017-05-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-008404"
          },
          {
            "date": "2017-04-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201704-733"
          },
          {
            "date": "2017-04-13T19:59:00.237000",
            "db": "NVD",
            "id": "CVE-2016-8720"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-12-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-97540"
          },
          {
            "date": "2017-05-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-008404"
          },
          {
            "date": "2022-04-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201704-733"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2016-8720"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-733"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Moxa AWK-3131A Wireless AP Injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008404"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-733"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201704-0964

    Vulnerability from variot - Updated: 2025-04-20 23:26

    An exploitable nonce reuse vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless AP running firmware 1.1. The device uses one nonce for all session authentication requests and only changes the nonce if the web application has been idle for 300 seconds. Moxa AWK-3131A Wireless AP Contains a session expiration vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Moxa AWK-3131A Wireless Access Point is a wireless switch made by Moxa. Web Application is one of the network application modules. An attacker could exploit this vulnerability to gain access to a session token and use the token to log in

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201704-0964",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "awk-3131a",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "moxa",
            "version": "1.1"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008400"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-734"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8712"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:moxa:awk-3131a_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008400"
          }
        ]
      },
      "cve": "CVE-2016-8712",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2016-8712",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-97532",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.2,
                "id": "CVE-2016-8712",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.2,
                "id": "CVE-2016-8712",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "High",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.1,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2016-8712",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2016-8712",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2016-8712",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2016-8712",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201704-734",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-97532",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-97532"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008400"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-734"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8712"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8712"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An exploitable nonce reuse vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless AP running firmware 1.1. The device uses one nonce for all session authentication requests and only changes the nonce if the web application has been idle for 300 seconds. Moxa AWK-3131A Wireless AP Contains a session expiration vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Moxa AWK-3131A Wireless Access Point is a wireless switch made by Moxa. Web Application is one of the network application modules. An attacker could exploit this vulnerability to gain access to a session token and use the token to log in",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-8712"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008400"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97532"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-8712",
            "trust": 2.5
          },
          {
            "db": "TALOS",
            "id": "TALOS-2016-0225",
            "trust": 1.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008400",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-734",
            "trust": 0.7
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-96535",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-97532",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-97532"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008400"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-734"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8712"
          }
        ]
      },
      "id": "VAR-201704-0964",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-97532"
          }
        ],
        "trust": 0.68235294
      },
      "last_update_date": "2025-04-20T23:26:07.332000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "AWK-3131A Series",
            "trust": 0.8,
            "url": "http://www.moxa.com/product/AWK-3131A.htm"
          },
          {
            "title": "TALOS-2016-0225",
            "trust": 0.8,
            "url": "https://www.talosintelligence.com/reports/TALOS-2016-0225/"
          },
          {
            "title": "Moxa AWK-3131A Wireless Access Point Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70217"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008400"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-734"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-613",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-97532"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008400"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8712"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "http://www.talosintelligence.com/reports/talos-2016-0225/"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8712"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8712"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-97532"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008400"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-734"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8712"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-97532"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008400"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-734"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8712"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-04-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-97532"
          },
          {
            "date": "2017-05-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-008400"
          },
          {
            "date": "2017-04-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201704-734"
          },
          {
            "date": "2017-04-13T19:59:00.207000",
            "db": "NVD",
            "id": "CVE-2016-8712"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-12-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-97532"
          },
          {
            "date": "2017-05-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-008400"
          },
          {
            "date": "2022-04-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201704-734"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2016-8712"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-734"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Moxa AWK-3131A Wireless AP Session expiration vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008400"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "code problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-734"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201704-0973

    Vulnerability from variot - Updated: 2025-04-20 23:23

    An exploitable information disclosure vulnerability exists in the Web Application functionality of the Moxa AWK-3131A wireless access point running firmware 1.1. Retrieving a specific URL without authentication can reveal sensitive information to an attacker. Moxa AWK-3131A Wireless AP Contains an information disclosure vulnerability.Information may be obtained. MoxaAWK-3131AWirelessAccessPoint is a wireless switch from China's Moxa. WebApplication is one of the web application modules

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201704-0973",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "awk-3131a",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "moxa",
            "version": "1.1"
          },
          {
            "model": "awk-3131a wireless access point",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "1.1"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-07354"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008408"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-729"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8725"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:moxa:awk-3131a_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008408"
          }
        ]
      },
      "cve": "CVE-2016-8725",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2016-8725",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2017-07354",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-97545",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 3.9,
                "id": "CVE-2016-8725",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 3.9,
                "id": "CVE-2016-8725",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2016-8725",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2016-8725",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2016-8725",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-07354",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201704-729",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-97545",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-07354"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97545"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008408"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-729"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8725"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8725"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An exploitable information disclosure vulnerability exists in the Web Application functionality of the Moxa AWK-3131A wireless access point running firmware 1.1. Retrieving a specific URL without authentication can reveal sensitive information to an attacker. Moxa AWK-3131A Wireless AP Contains an information disclosure vulnerability.Information may be obtained. MoxaAWK-3131AWirelessAccessPoint is a wireless switch from China\u0027s Moxa. WebApplication is one of the web application modules",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-8725"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008408"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-07354"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97545"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-8725",
            "trust": 3.1
          },
          {
            "db": "TALOS",
            "id": "TALOS-2016-0239",
            "trust": 2.3
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008408",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-729",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-07354",
            "trust": 0.6
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-96532",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-97545",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-07354"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97545"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008408"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-729"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8725"
          }
        ]
      },
      "id": "VAR-201704-0973",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-07354"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97545"
          }
        ],
        "trust": 1.49117647
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-07354"
          }
        ]
      },
      "last_update_date": "2025-04-20T23:23:46.961000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "AWK-3131A Series",
            "trust": 0.8,
            "url": "http://www.moxa.com/product/AWK-3131A.htm"
          },
          {
            "title": "TALOS-2016-0239",
            "trust": 0.8,
            "url": "https://www.talosintelligence.com/reports/TALOS-2016-0239/"
          },
          {
            "title": "Patch for MoxaAWK-3131AWirelessAccessPoint Information Disclosure Vulnerability (CNVD-2017-07354)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/94158"
          },
          {
            "title": "Moxa AWK-3131A Wireless Access Point Repair measures for information disclosure vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70213"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-07354"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008408"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-729"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-200",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-97545"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008408"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8725"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.3,
            "url": "http://www.talosintelligence.com/reports/talos-2016-0239/"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8725"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8725"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-07354"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97545"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008408"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-729"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8725"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-07354"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97545"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008408"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-729"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8725"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-05-24T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-07354"
          },
          {
            "date": "2017-04-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-97545"
          },
          {
            "date": "2017-05-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-008408"
          },
          {
            "date": "2017-04-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201704-729"
          },
          {
            "date": "2017-04-13T19:59:00.377000",
            "db": "NVD",
            "id": "CVE-2016-8725"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-05-24T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-07354"
          },
          {
            "date": "2022-12-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-97545"
          },
          {
            "date": "2017-05-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-008408"
          },
          {
            "date": "2022-04-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201704-729"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2016-8725"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-729"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Moxa AWK-3131A Wireless AP Vulnerable to information disclosure",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008408"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "information disclosure",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-729"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201704-0975

    Vulnerability from variot - Updated: 2025-04-20 23:22

    An exploitable information disclosure vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point. Retrieving a series of URLs without authentication can reveal sensitive configuration and system information to an attacker. Moxa AWK-3131A Wireless AP Contains an information disclosure vulnerability.Information may be obtained. Moxa AWK-3131A Wireless Access Point is a wireless switch made by Moxa. Web Application is one of the network application modules

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201704-0975",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "awk-3131a",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "moxa",
            "version": "1.1"
          },
          {
            "model": "awk-1131a",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "moxa",
            "version": "1.1"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008410"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-727"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8727"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:moxa:awk-1131a_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008410"
          }
        ]
      },
      "cve": "CVE-2016-8727",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2016-8727",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-97547",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2016-8727",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2016-8727",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2016-8727",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201704-727",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-97547",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-97547"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008410"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-727"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8727"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An exploitable information disclosure vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point. Retrieving a series of URLs without authentication can reveal sensitive configuration and system information to an attacker. Moxa AWK-3131A Wireless AP Contains an information disclosure vulnerability.Information may be obtained. Moxa AWK-3131A Wireless Access Point is a wireless switch made by Moxa. Web Application is one of the network application modules",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-8727"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008410"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97547"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-8727",
            "trust": 2.5
          },
          {
            "db": "TALOS",
            "id": "TALOS-2016-0241",
            "trust": 1.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008410",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-727",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-97547",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-97547"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008410"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-727"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8727"
          }
        ]
      },
      "id": "VAR-201704-0975",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-97547"
          }
        ],
        "trust": 0.70935827
      },
      "last_update_date": "2025-04-20T23:22:23.615000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "AWK-3131A Series",
            "trust": 0.8,
            "url": "http://www.moxa.com/product/AWK-3131A.htm"
          },
          {
            "title": "TALOS-2016-0241",
            "trust": 0.8,
            "url": "https://www.talosintelligence.com/reports/TALOS-2016-0241/"
          },
          {
            "title": "Moxa AWK-3131A Wireless Access Point Repair measures for information disclosure vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70211"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008410"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-727"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-200",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-97547"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008410"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8727"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "http://www.talosintelligence.com/reports/talos-2016-0241/"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8727"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8727"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-97547"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008410"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-727"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8727"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-97547"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008410"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-727"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8727"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-04-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-97547"
          },
          {
            "date": "2017-05-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-008410"
          },
          {
            "date": "2017-04-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201704-727"
          },
          {
            "date": "2017-04-13T19:59:00.440000",
            "db": "NVD",
            "id": "CVE-2016-8727"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-04-20T00:00:00",
            "db": "VULHUB",
            "id": "VHN-97547"
          },
          {
            "date": "2017-05-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-008410"
          },
          {
            "date": "2017-05-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201704-727"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2016-8727"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-727"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Moxa AWK-3131A Wireless AP Vulnerable to information disclosure",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008410"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "information disclosure",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-727"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201704-0972

    Vulnerability from variot - Updated: 2025-04-20 23:16

    An exploitable information disclosure vulnerability exists in the serviceAgent functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted TCP query will allow an attacker to retrieve potentially sensitive information. Moxa AWK-3131A Wireless AP Contains an information disclosure vulnerability.Information may be obtained. MoxaAWK-3131AWirelessAccessPoint is a wireless switch from China's Moxa. The functionality exposed by serviceAgent is accessible by using a freely-available Windows application (Moxa Windows Search Utility) or with custom scripts. In addition, the service does..

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201704-0972",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "awk-3131a",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "moxa",
            "version": "1.1"
          },
          {
            "model": "awk-3131a wireless access point",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "1.1"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-07355"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008407"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-730"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8724"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:moxa:awk-3131a_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008407"
          }
        ]
      },
      "cve": "CVE-2016-8724",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2016-8724",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2017-07355",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-97544",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 3.9,
                "id": "CVE-2016-8724",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 3.9,
                "id": "CVE-2016-8724",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2016-8724",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2016-8724",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2016-8724",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-07355",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201704-730",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-97544",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-07355"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97544"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008407"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-730"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8724"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8724"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An exploitable information disclosure vulnerability exists in the serviceAgent functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted TCP query will allow an attacker to retrieve potentially sensitive information. Moxa AWK-3131A Wireless AP Contains an information disclosure vulnerability.Information may be obtained. MoxaAWK-3131AWirelessAccessPoint is a wireless switch from China\u0027s Moxa. The functionality exposed by serviceAgent is accessible by using a freely-available Windows application (Moxa Windows Search Utility) or with custom scripts. In addition, the service does..",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-8724"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008407"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-07355"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97544"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-8724",
            "trust": 3.1
          },
          {
            "db": "TALOS",
            "id": "TALOS-2016-0238",
            "trust": 2.3
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008407",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-07355",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-730",
            "trust": 0.6
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-96534",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-97544",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-07355"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97544"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008407"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-730"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8724"
          }
        ]
      },
      "id": "VAR-201704-0972",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-07355"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97544"
          }
        ],
        "trust": 1.49117647
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-07355"
          }
        ]
      },
      "last_update_date": "2025-04-20T23:16:10.576000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "AWK-3131A Series",
            "trust": 0.8,
            "url": "http://www.moxa.com/product/AWK-3131A.htm"
          },
          {
            "title": "TALOS-2016-0238",
            "trust": 0.8,
            "url": "https://www.talosintelligence.com/reports/TALOS-2016-0238/"
          },
          {
            "title": "MoxaAWK-3131AWirelessAccessPoint Information Disclosure Vulnerability Patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/94157"
          },
          {
            "title": "Moxa AWK-3131A Wireless Access Point Repair measures for information disclosure vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70214"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-07355"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008407"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-730"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-200",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-97544"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008407"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8724"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.3,
            "url": "http://www.talosintelligence.com/reports/talos-2016-0238/"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8724"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8724"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-07355"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97544"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008407"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-730"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8724"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-07355"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97544"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008407"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-730"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8724"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-05-24T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-07355"
          },
          {
            "date": "2017-04-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-97544"
          },
          {
            "date": "2017-05-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-008407"
          },
          {
            "date": "2017-04-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201704-730"
          },
          {
            "date": "2017-04-13T19:59:00.347000",
            "db": "NVD",
            "id": "CVE-2016-8724"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-05-24T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-07355"
          },
          {
            "date": "2022-12-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-97544"
          },
          {
            "date": "2017-05-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-008407"
          },
          {
            "date": "2022-04-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201704-730"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2016-8724"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-730"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Moxa AWK-3131A Wireless Access Point Information Disclosure Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-07355"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-730"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "information disclosure",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-730"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201704-0974

    Vulnerability from variot - Updated: 2025-04-20 23:13

    An exploitable null pointer dereference vulnerability exists in the Web Application /forms/web_runScript iw_filename functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. An HTTP POST request with a blank line in the header will cause a segmentation fault in the web server. Moxa AWK-3131A Wireless Access Point is a wireless switch made by Moxa

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201704-0974",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "awk-3131a",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "moxa",
            "version": "1.1"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008409"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-728"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8726"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:moxa:awk-3131a_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008409"
          }
        ]
      },
      "cve": "CVE-2016-8726",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2016-8726",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-97546",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2016-8726",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2016-8726",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2016-8726",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2016-8726",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2016-8726",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201704-728",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-97546",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-97546"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008409"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-728"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8726"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8726"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An exploitable null pointer dereference vulnerability exists in the Web Application /forms/web_runScript iw_filename functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. An HTTP POST request with a blank line in the header will cause a segmentation fault in the web server. Moxa AWK-3131A Wireless Access Point is a wireless switch made by Moxa",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-8726"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008409"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97546"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-8726",
            "trust": 2.5
          },
          {
            "db": "TALOS",
            "id": "TALOS-2016-0240",
            "trust": 1.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008409",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-728",
            "trust": 0.7
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-96531",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-97546",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-97546"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008409"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-728"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8726"
          }
        ]
      },
      "id": "VAR-201704-0974",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-97546"
          }
        ],
        "trust": 0.68235294
      },
      "last_update_date": "2025-04-20T23:13:12.434000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "AWK-3131A Series",
            "trust": 0.8,
            "url": "http://www.moxa.com/product/AWK-3131A.htm"
          },
          {
            "title": "TALOS-2016-0240",
            "trust": 0.8,
            "url": "https://www.talosintelligence.com/reports/TALOS-2016-0240/"
          },
          {
            "title": "Moxa AWK-3131A Wireless Access Point Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70212"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008409"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-728"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-476",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-97546"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008409"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8726"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "http://www.talosintelligence.com/reports/talos-2016-0240/"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8726"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8726"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-97546"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008409"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-728"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8726"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-97546"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008409"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-728"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8726"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-04-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-97546"
          },
          {
            "date": "2017-05-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-008409"
          },
          {
            "date": "2017-04-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201704-728"
          },
          {
            "date": "2017-04-13T19:59:00.410000",
            "db": "NVD",
            "id": "CVE-2016-8726"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-12-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-97546"
          },
          {
            "date": "2017-05-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-008409"
          },
          {
            "date": "2022-04-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201704-728"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2016-8726"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-728"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Moxa AWK-3131A Wireless AP In  NULL Pointer dereference vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008409"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "code problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-728"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201702-0072

    Vulnerability from variot - Updated: 2025-04-20 22:59

    An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2 Series, WAC-2004 Series, AWK-3121-M12-RTG Series, AWK-3131-M12-RCC Series, AWK-5232-M12-RCC Series, TAP-6226 Series, AWK-3121/4121 Series, AWK-3131/4131 Series, and AWK-5222/6222 Series. User is able to execute arbitrary OS commands on the server. MOXAOnCell is an industrial grade IP gateway product. Moxa OnCellG3470A-LTE etc

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201702-0072",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "oncellg3470a-lte",
            "scope": null,
            "trust": 1.4,
            "vendor": "moxa",
            "version": null
          },
          {
            "model": "awk-3131a",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "10-31-2016"
          },
          {
            "model": "awk-3191",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "05-30-2017"
          },
          {
            "model": "wac-1001 v2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "06-29-2017"
          },
          {
            "model": "awk-1131a",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "10-31-2016"
          },
          {
            "model": "awk-1121",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "06-29-2017"
          },
          {
            "model": "awk-5232-m12-rcc",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "06-29-2017"
          },
          {
            "model": "awk-1127",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "06-29-2017"
          },
          {
            "model": "wac-2004",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "06-29-2017"
          },
          {
            "model": "awk-4131a",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "10-31-2016"
          },
          {
            "model": "oncellg3470a-lte",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "10-31-2016"
          },
          {
            "model": "awk-5232",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "05-30-2017"
          },
          {
            "model": "awk-3131-m12-rcc",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "06-29-2017"
          },
          {
            "model": "awk-6232",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "05-30-2017"
          },
          {
            "model": "awk-3121-m12-rtg",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "06-29-2017"
          },
          {
            "model": "awk-1121",
            "scope": null,
            "trust": 0.8,
            "vendor": "moxa",
            "version": null
          },
          {
            "model": "awk-1127",
            "scope": null,
            "trust": 0.8,
            "vendor": "moxa",
            "version": null
          },
          {
            "model": "awk-1131a",
            "scope": null,
            "trust": 0.8,
            "vendor": "moxa",
            "version": null
          },
          {
            "model": "awk-3121-m12-rtg",
            "scope": null,
            "trust": 0.8,
            "vendor": "moxa",
            "version": null
          },
          {
            "model": "awk-3131-m12-rcc",
            "scope": null,
            "trust": 0.8,
            "vendor": "moxa",
            "version": null
          },
          {
            "model": "awk-3131a",
            "scope": null,
            "trust": 0.8,
            "vendor": "moxa",
            "version": null
          },
          {
            "model": "awk-3191",
            "scope": null,
            "trust": 0.8,
            "vendor": "moxa",
            "version": null
          },
          {
            "model": "awk-4131a",
            "scope": null,
            "trust": 0.8,
            "vendor": "moxa",
            "version": null
          },
          {
            "model": "awk-5232",
            "scope": null,
            "trust": 0.8,
            "vendor": "moxa",
            "version": null
          },
          {
            "model": "awk-5232-m12-rcc",
            "scope": null,
            "trust": 0.8,
            "vendor": "moxa",
            "version": null
          },
          {
            "model": "awk-6232",
            "scope": null,
            "trust": 0.8,
            "vendor": "moxa",
            "version": null
          },
          {
            "model": "wac-1001 v2",
            "scope": null,
            "trust": 0.8,
            "vendor": "moxa",
            "version": null
          },
          {
            "model": "wac-2004",
            "scope": null,
            "trust": 0.8,
            "vendor": "moxa",
            "version": null
          },
          {
            "model": "awk-5222/6222 series",
            "scope": null,
            "trust": 0.6,
            "vendor": "moxa",
            "version": null
          },
          {
            "model": "awk-3131/4131 series",
            "scope": null,
            "trust": 0.6,
            "vendor": "moxa",
            "version": null
          },
          {
            "model": "awk-3121/4121 series",
            "scope": null,
            "trust": 0.6,
            "vendor": "moxa",
            "version": null
          },
          {
            "model": "tap-6226 series",
            "scope": null,
            "trust": 0.6,
            "vendor": "moxa",
            "version": null
          },
          {
            "model": "awk-5232-m12-rcc series",
            "scope": null,
            "trust": 0.6,
            "vendor": "moxa",
            "version": null
          },
          {
            "model": "awk-3131-m12-rcc series",
            "scope": null,
            "trust": 0.6,
            "vendor": "moxa",
            "version": null
          },
          {
            "model": "awk-3121-m12-rtg series",
            "scope": null,
            "trust": 0.6,
            "vendor": "moxa",
            "version": null
          },
          {
            "model": "wac-2004 series",
            "scope": null,
            "trust": 0.6,
            "vendor": "moxa",
            "version": null
          },
          {
            "model": "wac-1001 series",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "v2"
          },
          {
            "model": "awk-1121/1127 series",
            "scope": null,
            "trust": 0.6,
            "vendor": "moxa",
            "version": null
          },
          {
            "model": "awk-5232/6232 series",
            "scope": null,
            "trust": 0.6,
            "vendor": "moxa",
            "version": null
          },
          {
            "model": "awk-3191 series",
            "scope": null,
            "trust": 0.6,
            "vendor": "moxa",
            "version": null
          },
          {
            "model": "awk-1131a",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "10-31-2016"
          },
          {
            "model": "awk-6232",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "05-30-2017"
          },
          {
            "model": "awk-3121-m12-rtg",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "06-29-2017"
          },
          {
            "model": "awk-5232",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "05-30-2017"
          },
          {
            "model": "awk-5232-m12-rcc",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "06-29-2017"
          },
          {
            "model": "wac-1001 v2",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "06-29-2017"
          },
          {
            "model": "awk-1121",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "06-29-2017"
          },
          {
            "model": "wac-2004",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "06-29-2017"
          },
          {
            "model": "awk-1127",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "06-29-2017"
          },
          {
            "model": "awk-3131-m12-rcc",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "06-29-2017"
          },
          {
            "model": "wac-2004",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "moxa",
            "version": "0"
          },
          {
            "model": "wac-1001",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "moxa",
            "version": "v20"
          },
          {
            "model": "tap-6226",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "moxa",
            "version": "0"
          },
          {
            "model": "oncellg3470a-lte",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "moxa",
            "version": "0"
          },
          {
            "model": "awk-6232",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "moxa",
            "version": "0"
          },
          {
            "model": "awk-6222",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "moxa",
            "version": "0"
          },
          {
            "model": "awk-5232-m12-rcc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "moxa",
            "version": "0"
          },
          {
            "model": "awk-5232",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "moxa",
            "version": "0"
          },
          {
            "model": "awk-5222",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "moxa",
            "version": "0"
          },
          {
            "model": "awk-4131a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "moxa",
            "version": "0"
          },
          {
            "model": "awk-4131",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "moxa",
            "version": "0"
          },
          {
            "model": "awk-4121",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "moxa",
            "version": "0"
          },
          {
            "model": "awk-3191",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "moxa",
            "version": "0"
          },
          {
            "model": "awk-3131a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "moxa",
            "version": "0"
          },
          {
            "model": "awk-3131-m12-rcc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "moxa",
            "version": "0"
          },
          {
            "model": "awk-3131",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "moxa",
            "version": "0"
          },
          {
            "model": "awk-3121-m12-rtg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "moxa",
            "version": "0"
          },
          {
            "model": "awk-3121",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "moxa",
            "version": "0"
          },
          {
            "model": "awk-1131a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "moxa",
            "version": "0"
          },
          {
            "model": "awk-1127",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "moxa",
            "version": "0"
          },
          {
            "model": "awk-1121",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "moxa",
            "version": "0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-10730"
          },
          {
            "db": "BID",
            "id": "94092"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007997"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-109"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8363"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:moxa:awk-1121_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:moxa:awk-1127_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:moxa:awk-1131a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:moxa:awk-3121-m12-rtg_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:moxa:awk-3131-m12-rcc_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:moxa:awk-3131a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:moxa:awk-3191_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:moxa:awk-4131a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:moxa:awk-5232_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:moxa:awk-5232-m12-rcc_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:moxa:awk-6232_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:moxa:oncellg3470a-lte_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:moxa:wac-1001_v2_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:moxa:wac-2004_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007997"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Maxim Rupp",
        "sources": [
          {
            "db": "BID",
            "id": "94092"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-109"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2016-8363",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2016-8363",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2016-10730",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-97183",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 10.0,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2016-8363",
                "impactScore": 6.0,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2016-8363",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2016-8363",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2016-10730",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201611-109",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-97183",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2016-8363",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-10730"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97183"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-8363"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007997"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-109"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8363"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2 Series, WAC-2004 Series, AWK-3121-M12-RTG Series, AWK-3131-M12-RCC Series, AWK-5232-M12-RCC Series, TAP-6226 Series, AWK-3121/4121 Series, AWK-3131/4131 Series, and AWK-5222/6222 Series. User is able to execute arbitrary OS commands on the server. MOXAOnCell is an industrial grade IP gateway product. Moxa OnCellG3470A-LTE etc",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-8363"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007997"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-10730"
          },
          {
            "db": "BID",
            "id": "94092"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97183"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-8363"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-8363",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-16-308-01",
            "trust": 3.5
          },
          {
            "db": "BID",
            "id": "94092",
            "trust": 2.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007997",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-109",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-10730",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-97183",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-8363",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-10730"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97183"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-8363"
          },
          {
            "db": "BID",
            "id": "94092"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007997"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-109"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8363"
          }
        ]
      },
      "id": "VAR-201702-0072",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-10730"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97183"
          }
        ],
        "trust": 1.6229144359999998
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-10730"
          }
        ]
      },
      "last_update_date": "2025-04-20T22:59:33.743000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.moxa.com/"
          },
          {
            "title": "MoxaOnCellSeries product OS command execution vulnerability patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/83629"
          },
          {
            "title": "Moxa OnCell Repair measures for operating system command execution vulnerabilities in series products",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65482"
          },
          {
            "title": "Moxa OnCell Repair measures for operating system command execution vulnerabilities in series products",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65335"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-10730"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007997"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-109"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-264",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-97183"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007997"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8363"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.6,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-308-01"
          },
          {
            "trust": 2.4,
            "url": "http://www.securityfocus.com/bid/94092"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8363"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8363"
          },
          {
            "trust": 0.3,
            "url": "http://www.moxa.com/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/264.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-10730"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97183"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-8363"
          },
          {
            "db": "BID",
            "id": "94092"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007997"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-109"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8363"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-10730"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97183"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-8363"
          },
          {
            "db": "BID",
            "id": "94092"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007997"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-109"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8363"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-11-08T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-10730"
          },
          {
            "date": "2017-02-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-97183"
          },
          {
            "date": "2017-02-13T00:00:00",
            "db": "VULMON",
            "id": "CVE-2016-8363"
          },
          {
            "date": "2016-11-03T00:00:00",
            "db": "BID",
            "id": "94092"
          },
          {
            "date": "2017-04-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-007997"
          },
          {
            "date": "2016-11-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201611-109"
          },
          {
            "date": "2017-02-13T21:59:01.080000",
            "db": "NVD",
            "id": "CVE-2016-8363"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-11-08T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-10730"
          },
          {
            "date": "2017-03-16T00:00:00",
            "db": "VULHUB",
            "id": "VHN-97183"
          },
          {
            "date": "2017-03-16T00:00:00",
            "db": "VULMON",
            "id": "CVE-2016-8363"
          },
          {
            "date": "2016-11-24T01:07:00",
            "db": "BID",
            "id": "94092"
          },
          {
            "date": "2017-04-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-007997"
          },
          {
            "date": "2016-11-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201611-109"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2016-8363"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-109"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  Moxa OnCell Any on the server in series products  OS Command execution vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007997"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "permissions and access control",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-109"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201702-0071

    Vulnerability from variot - Updated: 2025-04-20 20:47

    An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2 Series, WAC-2004 Series, AWK-3121-M12-RTG Series, AWK-3131-M12-RCC Series, AWK-5232-M12-RCC Series, TAP-6226 Series, AWK-3121/4121 Series, AWK-3131/4131 Series, and AWK-5222/6222 Series. Any user is able to download log files by accessing a specific URL. MOXAOnCell is an industrial grade IP gateway product. The MoxaOnCellSeries product verification bypass vulnerability allows an attacker to bypass the authentication mechanism and gain unauthorized access. Moxa OnCell Series products are prone to an authentication-bypass vulnerability and an OS command execution vulnerability. Moxa OnCellG3470A-LTE etc

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201702-0071",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "oncellg3470a-lte",
            "scope": null,
            "trust": 1.4,
            "vendor": "moxa",
            "version": null
          },
          {
            "model": "awk-3131a",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "10-31-2016"
          },
          {
            "model": "awk-3191",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "05-30-2017"
          },
          {
            "model": "wac-1001 v2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "06-29-2017"
          },
          {
            "model": "awk-1131a",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "10-31-2016"
          },
          {
            "model": "awk-1121",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "06-29-2017"
          },
          {
            "model": "awk-5232-m12-rcc",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "06-29-2017"
          },
          {
            "model": "awk-1127",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "06-29-2017"
          },
          {
            "model": "wac-2004",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "06-29-2017"
          },
          {
            "model": "awk-4131a",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "10-31-2016"
          },
          {
            "model": "oncellg3470a-lte",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "10-31-2016"
          },
          {
            "model": "awk-5232",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "05-30-2017"
          },
          {
            "model": "awk-3131-m12-rcc",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "06-29-2017"
          },
          {
            "model": "awk-6232",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "05-30-2017"
          },
          {
            "model": "awk-3121-m12-rtg",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "moxa",
            "version": "06-29-2017"
          },
          {
            "model": "awk-1121",
            "scope": null,
            "trust": 0.8,
            "vendor": "moxa",
            "version": null
          },
          {
            "model": "awk-1127",
            "scope": null,
            "trust": 0.8,
            "vendor": "moxa",
            "version": null
          },
          {
            "model": "awk-1131a",
            "scope": null,
            "trust": 0.8,
            "vendor": "moxa",
            "version": null
          },
          {
            "model": "awk-3121-m12-rtg",
            "scope": null,
            "trust": 0.8,
            "vendor": "moxa",
            "version": null
          },
          {
            "model": "awk-3131-m12-rcc",
            "scope": null,
            "trust": 0.8,
            "vendor": "moxa",
            "version": null
          },
          {
            "model": "awk-3131a",
            "scope": null,
            "trust": 0.8,
            "vendor": "moxa",
            "version": null
          },
          {
            "model": "awk-3191",
            "scope": null,
            "trust": 0.8,
            "vendor": "moxa",
            "version": null
          },
          {
            "model": "awk-4131a",
            "scope": null,
            "trust": 0.8,
            "vendor": "moxa",
            "version": null
          },
          {
            "model": "awk-5232",
            "scope": null,
            "trust": 0.8,
            "vendor": "moxa",
            "version": null
          },
          {
            "model": "awk-5232-m12-rcc",
            "scope": null,
            "trust": 0.8,
            "vendor": "moxa",
            "version": null
          },
          {
            "model": "awk-6232",
            "scope": null,
            "trust": 0.8,
            "vendor": "moxa",
            "version": null
          },
          {
            "model": "wac-1001 v2",
            "scope": null,
            "trust": 0.8,
            "vendor": "moxa",
            "version": null
          },
          {
            "model": "wac-2004",
            "scope": null,
            "trust": 0.8,
            "vendor": "moxa",
            "version": null
          },
          {
            "model": "awk-5222/6222 series",
            "scope": null,
            "trust": 0.6,
            "vendor": "moxa",
            "version": null
          },
          {
            "model": "awk-3131/4131 series",
            "scope": null,
            "trust": 0.6,
            "vendor": "moxa",
            "version": null
          },
          {
            "model": "awk-3121/4121 series",
            "scope": null,
            "trust": 0.6,
            "vendor": "moxa",
            "version": null
          },
          {
            "model": "tap-6226 series",
            "scope": null,
            "trust": 0.6,
            "vendor": "moxa",
            "version": null
          },
          {
            "model": "awk-5232-m12-rcc series",
            "scope": null,
            "trust": 0.6,
            "vendor": "moxa",
            "version": null
          },
          {
            "model": "awk-3131-m12-rcc series",
            "scope": null,
            "trust": 0.6,
            "vendor": "moxa",
            "version": null
          },
          {
            "model": "awk-3121-m12-rtg series",
            "scope": null,
            "trust": 0.6,
            "vendor": "moxa",
            "version": null
          },
          {
            "model": "wac-2004 series",
            "scope": null,
            "trust": 0.6,
            "vendor": "moxa",
            "version": null
          },
          {
            "model": "wac-1001 series",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "v2"
          },
          {
            "model": "awk-1121/1127 series",
            "scope": null,
            "trust": 0.6,
            "vendor": "moxa",
            "version": null
          },
          {
            "model": "awk-5232/6232 series",
            "scope": null,
            "trust": 0.6,
            "vendor": "moxa",
            "version": null
          },
          {
            "model": "awk-3191 series",
            "scope": null,
            "trust": 0.6,
            "vendor": "moxa",
            "version": null
          },
          {
            "model": "awk-1131a/3131a/4131a series",
            "scope": null,
            "trust": 0.6,
            "vendor": "moxa",
            "version": null
          },
          {
            "model": "awk-1131a",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "10-31-2016"
          },
          {
            "model": "awk-6232",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "05-30-2017"
          },
          {
            "model": "oncellg3470a-lte",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "10-31-2016"
          },
          {
            "model": "awk-5232",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "05-30-2017"
          },
          {
            "model": "awk-5232-m12-rcc",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "06-29-2017"
          },
          {
            "model": "awk-4131a",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "10-31-2016"
          },
          {
            "model": "awk-3131a",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "10-31-2016"
          },
          {
            "model": "awk-1121",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "06-29-2017"
          },
          {
            "model": "awk-3131-m12-rcc",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "06-29-2017"
          },
          {
            "model": "awk-3191",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "05-30-2017"
          },
          {
            "model": "wac-2004",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "moxa",
            "version": "0"
          },
          {
            "model": "wac-1001",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "moxa",
            "version": "v20"
          },
          {
            "model": "tap-6226",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "moxa",
            "version": "0"
          },
          {
            "model": "oncellg3470a-lte",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "moxa",
            "version": "0"
          },
          {
            "model": "awk-6232",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "moxa",
            "version": "0"
          },
          {
            "model": "awk-6222",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "moxa",
            "version": "0"
          },
          {
            "model": "awk-5232-m12-rcc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "moxa",
            "version": "0"
          },
          {
            "model": "awk-5232",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "moxa",
            "version": "0"
          },
          {
            "model": "awk-5222",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "moxa",
            "version": "0"
          },
          {
            "model": "awk-4131a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "moxa",
            "version": "0"
          },
          {
            "model": "awk-4131",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "moxa",
            "version": "0"
          },
          {
            "model": "awk-4121",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "moxa",
            "version": "0"
          },
          {
            "model": "awk-3191",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "moxa",
            "version": "0"
          },
          {
            "model": "awk-3131a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "moxa",
            "version": "0"
          },
          {
            "model": "awk-3131-m12-rcc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "moxa",
            "version": "0"
          },
          {
            "model": "awk-3131",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "moxa",
            "version": "0"
          },
          {
            "model": "awk-3121-m12-rtg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "moxa",
            "version": "0"
          },
          {
            "model": "awk-3121",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "moxa",
            "version": "0"
          },
          {
            "model": "awk-1131a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "moxa",
            "version": "0"
          },
          {
            "model": "awk-1127",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "moxa",
            "version": "0"
          },
          {
            "model": "awk-1121",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "moxa",
            "version": "0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-10731"
          },
          {
            "db": "BID",
            "id": "94092"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007996"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-108"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8362"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:moxa:awk-1121_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:moxa:awk-1127_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:moxa:awk-1131a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:moxa:awk-3121-m12-rtg_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:moxa:awk-3131-m12-rcc_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:moxa:awk-3131a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:moxa:awk-3191_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:moxa:awk-4131a_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:moxa:awk-5232_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:moxa:awk-5232-m12-rcc_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:moxa:awk-6232_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:moxa:oncellg3470a-lte_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:moxa:wac-1001_v2_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:moxa:wac-2004_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007996"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Maxim Rupp",
        "sources": [
          {
            "db": "BID",
            "id": "94092"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-108"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2016-8362",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2016-8362",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "HIGH",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 4.9,
                "id": "CNVD-2016-10731",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:H/Au:N/C:C/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "VHN-97182",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2016-8362",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2016-8362",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2016-8362",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2016-10731",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201611-108",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-97182",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2016-8362",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-10731"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97182"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-8362"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007996"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-108"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8362"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2 Series, WAC-2004 Series, AWK-3121-M12-RTG Series, AWK-3131-M12-RCC Series, AWK-5232-M12-RCC Series, TAP-6226 Series, AWK-3121/4121 Series, AWK-3131/4131 Series, and AWK-5222/6222 Series. Any user is able to download log files by accessing a specific URL. MOXAOnCell is an industrial grade IP gateway product. The MoxaOnCellSeries product verification bypass vulnerability allows an attacker to bypass the authentication mechanism and gain unauthorized access. Moxa OnCell Series products are prone to an authentication-bypass vulnerability and an OS command execution vulnerability. Moxa OnCellG3470A-LTE etc",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-8362"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007996"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-10731"
          },
          {
            "db": "BID",
            "id": "94092"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97182"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-8362"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-8362",
            "trust": 3.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-16-308-01",
            "trust": 2.9
          },
          {
            "db": "BID",
            "id": "94092",
            "trust": 2.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007996",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-108",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-10731",
            "trust": 0.6
          },
          {
            "db": "OTHER",
            "id": "NONE",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-97182",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-8362",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-10731"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97182"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-8362"
          },
          {
            "db": "BID",
            "id": "94092"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007996"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-108"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8362"
          }
        ]
      },
      "id": "VAR-201702-0071",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-10731"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97182"
          }
        ],
        "trust": 1.72773228375
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          },
          {
            "category": [
              "network device"
            ],
            "sub_category": "LTE device",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-10731"
          }
        ]
      },
      "last_update_date": "2025-04-20T20:47:21.301000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.moxa.com/"
          },
          {
            "title": "MoxaOnCellSeries product verification patch to bypass vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/83636"
          },
          {
            "title": "Moxa OnCell Series product authentication bypass vulnerability fixes",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65334"
          },
          {
            "title": "Moxa OnCell Series product authentication bypass vulnerability fixes",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65481"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-10731"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007996"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-108"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-287",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-97182"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007996"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8362"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-308-01"
          },
          {
            "trust": 2.4,
            "url": "http://www.securityfocus.com/bid/94092"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8362"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8362"
          },
          {
            "trust": 0.3,
            "url": "http://www.moxa.com/"
          },
          {
            "trust": 0.1,
            "url": "https://ieeexplore.ieee.org/abstract/document/10769424"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/287.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-10731"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97182"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-8362"
          },
          {
            "db": "BID",
            "id": "94092"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007996"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-108"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8362"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "OTHER",
            "id": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-10731"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97182"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-8362"
          },
          {
            "db": "BID",
            "id": "94092"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007996"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-108"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8362"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-11-08T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-10731"
          },
          {
            "date": "2017-02-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-97182"
          },
          {
            "date": "2017-02-13T00:00:00",
            "db": "VULMON",
            "id": "CVE-2016-8362"
          },
          {
            "date": "2016-11-03T00:00:00",
            "db": "BID",
            "id": "94092"
          },
          {
            "date": "2017-04-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-007996"
          },
          {
            "date": "2016-11-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201611-108"
          },
          {
            "date": "2017-02-13T21:59:01.050000",
            "db": "NVD",
            "id": "CVE-2016-8362"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-11-08T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-10731"
          },
          {
            "date": "2017-03-16T00:00:00",
            "db": "VULHUB",
            "id": "VHN-97182"
          },
          {
            "date": "2017-03-16T00:00:00",
            "db": "VULMON",
            "id": "CVE-2016-8362"
          },
          {
            "date": "2016-11-24T01:07:00",
            "db": "BID",
            "id": "94092"
          },
          {
            "date": "2017-04-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-007996"
          },
          {
            "date": "2016-11-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201611-108"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2016-8362"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-108"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  Moxa OnCell Vulnerability in downloading log files in series products",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007996"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "authorization issue",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-108"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201804-0372

    Vulnerability from variot - Updated: 2024-11-23 23:02

    An exploitable OS Command Injection vulnerability exists in the Telnet, SSH, and console login functionality of Moxa AWK-3131A Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client in firmware versions 1.4 to 1.7 (current). An attacker can inject commands via the username parameter of several services (SSH, Telnet, console), resulting in remote, unauthenticated, root-level operating system command execution. Moxa AWK-3131A Is OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. MoxaAWK-3131A is a wireless access device from Moxa

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201804-0372",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "awk-3131a",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "moxa",
            "version": "1.7"
          },
          {
            "model": "awk-3131a",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "moxa",
            "version": "1.6"
          },
          {
            "model": "awk-3131a",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "moxa",
            "version": "1.5"
          },
          {
            "model": "awk-3131a",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "moxa",
            "version": "1.4"
          },
          {
            "model": "awk-3131a",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "moxa",
            "version": "1.4 to  1.7"
          },
          {
            "model": "awk-3131a",
            "scope": "gte",
            "trust": 0.6,
            "vendor": "moxa",
            "version": "1.4\u003c=1.7"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-10105"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013280"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201709-609"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-14459"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:moxa:awk-3131a_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013280"
          }
        ]
      },
      "cve": "CVE-2017-14459",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2017-14459",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-10105",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-105183",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2017-14459",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 10.0,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2017-14459",
                "impactScore": 6.0,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-14459",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2017-14459",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-14459",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-10105",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201709-609",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-105183",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2017-14459",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-10105"
          },
          {
            "db": "VULHUB",
            "id": "VHN-105183"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-14459"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013280"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201709-609"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-14459"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-14459"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An exploitable OS Command Injection vulnerability exists in the Telnet, SSH, and console login functionality of Moxa AWK-3131A Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client in firmware versions 1.4 to 1.7 (current). An attacker can inject commands via the username parameter of several services (SSH, Telnet, console), resulting in remote, unauthenticated, root-level operating system command execution. Moxa AWK-3131A Is OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. MoxaAWK-3131A is a wireless access device from Moxa",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-14459"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013280"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-10105"
          },
          {
            "db": "VULHUB",
            "id": "VHN-105183"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-14459"
          }
        ],
        "trust": 2.34
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-105183",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-105183"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-14459",
            "trust": 3.2
          },
          {
            "db": "TALOS",
            "id": "TALOS-2017-0507",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013280",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201709-609",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-10105",
            "trust": 0.6
          },
          {
            "db": "EXPLOIT-DB",
            "id": "44398",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-105183",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-14459",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-10105"
          },
          {
            "db": "VULHUB",
            "id": "VHN-105183"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-14459"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013280"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201709-609"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-14459"
          }
        ]
      },
      "id": "VAR-201804-0372",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-10105"
          },
          {
            "db": "VULHUB",
            "id": "VHN-105183"
          }
        ],
        "trust": 1.28235294
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-10105"
          }
        ]
      },
      "last_update_date": "2024-11-23T23:02:10.971000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "AWK-3131A \u30b7\u30ea\u30fc\u30ba",
            "trust": 0.8,
            "url": "https://japan.moxa.com/product/AWK-3131A.htm"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013280"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-105183"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013280"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-14459"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.2,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2017-0507"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14459"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-14459"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/78.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-10105"
          },
          {
            "db": "VULHUB",
            "id": "VHN-105183"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-14459"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013280"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201709-609"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-14459"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-10105"
          },
          {
            "db": "VULHUB",
            "id": "VHN-105183"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-14459"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-013280"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201709-609"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-14459"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-05-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-10105"
          },
          {
            "date": "2018-04-11T00:00:00",
            "db": "VULHUB",
            "id": "VHN-105183"
          },
          {
            "date": "2018-04-11T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-14459"
          },
          {
            "date": "2018-06-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-013280"
          },
          {
            "date": "2017-09-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201709-609"
          },
          {
            "date": "2018-04-11T16:29:00.213000",
            "db": "NVD",
            "id": "CVE-2017-14459"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-05-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-10105"
          },
          {
            "date": "2018-05-22T00:00:00",
            "db": "VULHUB",
            "id": "VHN-105183"
          },
          {
            "date": "2018-05-22T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-14459"
          },
          {
            "date": "2018-06-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-013280"
          },
          {
            "date": "2022-04-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201709-609"
          },
          {
            "date": "2024-11-21T03:12:50.197000",
            "db": "NVD",
            "id": "CVE-2017-14459"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201709-609"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Moxa AWK-3131A Operating System Command Injection Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-10105"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201709-609"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system commend injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201709-609"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201804-0468

    Vulnerability from variot - Updated: 2024-11-23 22:59

    An exploitable Use of Hard-coded Credentials vulnerability exists in the Moxa AWK-3131A Wireless Access Point running firmware 1.1. The device operating system contains an undocumented, privileged (root) account with hard-coded credentials, giving attackers full control of affected devices. Moxa AWK-3131A Wireless Access Point is a wireless switch made by Moxa. An attacker could exploit this vulnerability to take complete control of the device

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201804-0468",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "awk-3131a",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "moxa",
            "version": "1.1"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-009004"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-074"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8717"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:moxa:awk-3131a_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-009004"
          }
        ]
      },
      "cve": "CVE-2016-8717",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2016-8717",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-97537",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2016-8717",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 10.0,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2016-8717",
                "impactScore": 6.0,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2016-8717",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2016-8717",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2016-8717",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2016-8717",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201804-074",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-97537",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2016-8717",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-97537"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-8717"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-009004"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-074"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8717"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8717"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An exploitable Use of Hard-coded Credentials vulnerability exists in the Moxa AWK-3131A Wireless Access Point running firmware 1.1. The device operating system contains an undocumented, privileged (root) account with hard-coded credentials, giving attackers full control of affected devices. Moxa AWK-3131A Wireless Access Point is a wireless switch made by Moxa. An attacker could exploit this vulnerability to take complete control of the device",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-8717"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-009004"
          },
          {
            "db": "VULHUB",
            "id": "VHN-97537"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-8717"
          }
        ],
        "trust": 1.8
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "TALOS",
            "id": "TALOS-2016-0231",
            "trust": 2.6
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8717",
            "trust": 2.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-009004",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-074",
            "trust": 0.7
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-96529",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-97537",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-8717",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-97537"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-8717"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-009004"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-074"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8717"
          }
        ]
      },
      "id": "VAR-201804-0468",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-97537"
          }
        ],
        "trust": 0.68235294
      },
      "last_update_date": "2024-11-23T22:59:04.495000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "AWK-3131A Series",
            "trust": 0.8,
            "url": "https://www.moxa.com/product/AWK-3131A.htm"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-009004"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-798",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-97537"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-009004"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8717"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://www.talosintelligence.com/vulnerability_reports/talos-2016-0231"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8717"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8717"
          },
          {
            "trust": 0.6,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2016-0231"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/798.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-97537"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-8717"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-009004"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-074"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8717"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-97537"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-8717"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-009004"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-074"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-8717"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-04-02T00:00:00",
            "db": "VULHUB",
            "id": "VHN-97537"
          },
          {
            "date": "2018-04-02T00:00:00",
            "db": "VULMON",
            "id": "CVE-2016-8717"
          },
          {
            "date": "2018-06-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-009004"
          },
          {
            "date": "2018-04-03T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201804-074"
          },
          {
            "date": "2018-04-02T17:29:00.217000",
            "db": "NVD",
            "id": "CVE-2016-8717"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-12-14T00:00:00",
            "db": "VULHUB",
            "id": "VHN-97537"
          },
          {
            "date": "2018-05-08T00:00:00",
            "db": "VULMON",
            "id": "CVE-2016-8717"
          },
          {
            "date": "2018-06-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-009004"
          },
          {
            "date": "2022-04-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201804-074"
          },
          {
            "date": "2024-11-21T02:59:55.030000",
            "db": "NVD",
            "id": "CVE-2016-8717"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-074"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Moxa AWK-3131A Wireless Access Points Vulnerabilities related to the use of hard-coded credentials in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-009004"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "trust management problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201804-074"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202002-0356

    Vulnerability from variot - Updated: 2024-11-23 22:05

    The usage of hard-coded cryptographic keys within the ServiceAgent binary allows for the decryption of captured traffic across the network from or to the Moxa AWK-3131A firmware version 1.13. Moxa AWK-3131A There is a vulnerability in the firmware regarding the use of hard-coded credentials.Information may be obtained. Moxa AWK-3131A is a wireless access device from Moxa. An attacker could use this vulnerability to decrypt captured traffic

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202002-0356",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "awk-3131a",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "moxa",
            "version": "1.13"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13492"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014650"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5137"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:moxa:awk-3131a_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014650"
          }
        ]
      },
      "cve": "CVE-2019-5137",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2019-5137",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014650",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 7.8,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-13492",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-5137",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-5137",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014650",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-5137",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2019-5137",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2019-014650",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-13492",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202002-1116",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13492"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014650"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1116"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5137"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5137"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The usage of hard-coded cryptographic keys within the ServiceAgent binary allows for the decryption of captured traffic across the network from or to the Moxa AWK-3131A firmware version 1.13. Moxa AWK-3131A There is a vulnerability in the firmware regarding the use of hard-coded credentials.Information may be obtained. Moxa AWK-3131A is a wireless access device from Moxa. An attacker could use this vulnerability to decrypt captured traffic",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-5137"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014650"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-13492"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-5137",
            "trust": 3.0
          },
          {
            "db": "TALOS",
            "id": "TALOS-2019-0926",
            "trust": 3.0
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-063-04",
            "trust": 1.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014650",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-13492",
            "trust": 0.6
          },
          {
            "db": "NSFOCUS",
            "id": "46065",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0781",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1116",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13492"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014650"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1116"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5137"
          }
        ]
      },
      "id": "VAR-202002-0356",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13492"
          }
        ],
        "trust": 1.18235294
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13492"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:05:48.960000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "AWK-3131A Series",
            "trust": 0.8,
            "url": "https://www.moxa.com/en/products/industrial-network-infrastructure/wireless-ap-bridge-client/wlan-ap-bridge-client/awk-3131a-series"
          },
          {
            "title": "Patch for Moxa AWK-3131A ServiceAgent Trust Management Issue Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/204811"
          },
          {
            "title": "Moxa AWK-3131A ServiceAgent Repair measures for trust management problem vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110290"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13492"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014650"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1116"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-798",
            "trust": 1.8
          },
          {
            "problemtype": "CWE-321",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014650"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5137"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0926"
          },
          {
            "trust": 1.4,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-063-04"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5137"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5137"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0781/"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/46065"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13492"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014650"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1116"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5137"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13492"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014650"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1116"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5137"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-02-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-13492"
          },
          {
            "date": "2020-03-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014650"
          },
          {
            "date": "2020-02-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202002-1116"
          },
          {
            "date": "2020-02-25T16:15:10.420000",
            "db": "NVD",
            "id": "CVE-2019-5137"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-02-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-13492"
          },
          {
            "date": "2020-03-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014650"
          },
          {
            "date": "2022-04-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202002-1116"
          },
          {
            "date": "2024-11-21T04:44:25.247000",
            "db": "NVD",
            "id": "CVE-2019-5137"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1116"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Moxa AWK-3131A Vulnerability in using hard-coded credentials in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014650"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "trust management problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1116"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202002-0358

    Vulnerability from variot - Updated: 2024-11-23 22:05

    An exploitable use of hard-coded credentials vulnerability exists in multiple iw_* utilities of the Moxa AWK-3131A firmware version 1.13. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts. Moxa AWK-3131A is a wireless switch from Moxa. The vulnerability stems from the lack of effective trust management mechanisms in network systems or products. Attackers can use the default password or hard-coded passwords, hard-coded certificates, etc. to attack the affected components

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202002-0358",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "awk-3131a",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "moxa",
            "version": "1.13"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-14253"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014645"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5139"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:moxa:awk-3131a_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014645"
          }
        ]
      },
      "cve": "CVE-2019-5139",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 3.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-5139",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 1.0,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Local",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 3.6,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014645",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.1,
                "id": "CNVD-2020-14253",
                "impactScore": 9.2,
                "integrityImpact": "COMPLETE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2019-5139",
                "impactScore": 5.2,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "NONE",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.5,
                "id": "CVE-2019-5139",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 7.1,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014645",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-5139",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2019-5139",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2019-014645",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-14253",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202002-1115",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-14253"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014645"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1115"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5139"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5139"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An exploitable use of hard-coded credentials vulnerability exists in multiple iw_* utilities of the Moxa AWK-3131A firmware version 1.13. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts. Moxa AWK-3131A is a wireless switch from Moxa. The vulnerability stems from the lack of effective trust management mechanisms in network systems or products. Attackers can use the default password or hard-coded passwords, hard-coded certificates, etc. to attack the affected components",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-5139"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014645"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-14253"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "TALOS",
            "id": "TALOS-2019-0928",
            "trust": 3.0
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5139",
            "trust": 3.0
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-063-04",
            "trust": 1.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014645",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-14253",
            "trust": 0.6
          },
          {
            "db": "NSFOCUS",
            "id": "46064",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0781",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1115",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-14253"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014645"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1115"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5139"
          }
        ]
      },
      "id": "VAR-202002-0358",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-14253"
          }
        ],
        "trust": 1.18235294
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-14253"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:05:48.931000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "AWK-3131A Series",
            "trust": 0.8,
            "url": "https://www.moxa.com/en/products/industrial-network-infrastructure/wireless-ap-bridge-client/wlan-ap-bridge-client/awk-3131a-series"
          },
          {
            "title": "Patch for Moxa AWK-3131A Trust Management Issue Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/205251"
          },
          {
            "title": "Moxa AWK-3131A Repair measures for trust management problem vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110781"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-14253"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014645"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1115"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-798",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014645"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5139"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0928"
          },
          {
            "trust": 1.4,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-063-04"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5139"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5139"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0781/"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/46064"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-14253"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014645"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1115"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5139"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-14253"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014645"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1115"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5139"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-02-27T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-14253"
          },
          {
            "date": "2020-03-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014645"
          },
          {
            "date": "2020-02-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202002-1115"
          },
          {
            "date": "2020-02-25T16:15:10.577000",
            "db": "NVD",
            "id": "CVE-2019-5139"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-02-27T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-14253"
          },
          {
            "date": "2020-03-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014645"
          },
          {
            "date": "2022-04-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202002-1115"
          },
          {
            "date": "2024-11-21T04:44:25.497000",
            "db": "NVD",
            "id": "CVE-2019-5139"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1115"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Moxa AWK-3131A Trust Management Issue Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-14253"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1115"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "trust management problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1115"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202002-0361

    Vulnerability from variot - Updated: 2024-11-23 22:05

    An exploitable command injection vulnerability exists in the hostname functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted entry to network configuration information can cause execution of arbitrary system commands, resulting in full control of the device. An attacker can send various authenticated requests to trigger this vulnerability. (DoS) It may be put into a state. Moxa AWK-3131A is a wireless access device from Moxa

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202002-0361",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "awk-3131a",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "moxa",
            "version": "1.13"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13481"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014648"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5142"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:moxa:awk-3131a_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014648"
          }
        ]
      },
      "cve": "CVE-2019-5142",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2019-5142",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 9.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014648",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-13481",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2019-5142",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2019-5142",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.2,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014648",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-5142",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2019-5142",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2019-014648",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-13481",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202002-1143",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13481"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014648"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1143"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5142"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5142"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An exploitable command injection vulnerability exists in the hostname functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted entry to network configuration information can cause execution of arbitrary system commands, resulting in full control of the device. An attacker can send various authenticated requests to trigger this vulnerability. (DoS) It may be put into a state. Moxa AWK-3131A is a wireless access device from Moxa",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-5142"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014648"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-13481"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-5142",
            "trust": 3.0
          },
          {
            "db": "TALOS",
            "id": "TALOS-2019-0931",
            "trust": 3.0
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-063-04",
            "trust": 1.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014648",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-13481",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0781",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1143",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13481"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014648"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1143"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5142"
          }
        ]
      },
      "id": "VAR-202002-0361",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13481"
          }
        ],
        "trust": 1.18235294
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13481"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:05:48.903000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "AWK-3131A Series",
            "trust": 0.8,
            "url": "https://www.moxa.com/en/products/industrial-network-infrastructure/wireless-ap-bridge-client/wlan-ap-bridge-client/awk-3131a-series"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014648"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014648"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5142"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0931"
          },
          {
            "trust": 1.4,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-063-04"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5142"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5142"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0781/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13481"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014648"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1143"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5142"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13481"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014648"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1143"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5142"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-02-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-13481"
          },
          {
            "date": "2020-03-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014648"
          },
          {
            "date": "2020-02-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202002-1143"
          },
          {
            "date": "2020-02-25T16:15:10.780000",
            "db": "NVD",
            "id": "CVE-2019-5142"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-02-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-13481"
          },
          {
            "date": "2020-03-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014648"
          },
          {
            "date": "2022-04-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202002-1143"
          },
          {
            "date": "2024-11-21T04:44:25.847000",
            "db": "NVD",
            "id": "CVE-2019-5142"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1143"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Moxa AWK-3131A In firmware  OS Command injection vulnerabilities",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014648"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system commend injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1143"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202002-0359

    Vulnerability from variot - Updated: 2024-11-23 22:05

    An exploitable command injection vulnerability exists in the iwwebs functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file name can cause user input to be reflected in a subsequent iwsystem call, resulting in remote control over the device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. (DoS) It may be put into a state. Moxa AWK-3131A is a wireless access device from Moxa. The vulnerability stems from the fact that the network system or product did not properly filter the special elements in the process of constructing executable commands from external input data. An attacker could use this vulnerability to execute an illegal command

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202002-0359",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "awk-3131a",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "moxa",
            "version": "1.13"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13477"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014646"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5140"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:moxa:awk-3131a_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014646"
          }
        ]
      },
      "cve": "CVE-2019-5140",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2019-5140",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 6.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014646",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-13477",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2019-5140",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2019-5140",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014646",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-5140",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2019-5140",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2019-014646",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-13477",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202002-1118",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13477"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014646"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1118"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5140"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5140"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An exploitable command injection vulnerability exists in the iwwebs functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file name can cause user input to be reflected in a subsequent iwsystem call, resulting in remote control over the device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. (DoS) It may be put into a state. Moxa AWK-3131A is a wireless access device from Moxa. The vulnerability stems from the fact that the network system or product did not properly filter the special elements in the process of constructing executable commands from external input data. An attacker could use this vulnerability to execute an illegal command",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-5140"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014646"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-13477"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "TALOS",
            "id": "TALOS-2019-0929",
            "trust": 3.0
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5140",
            "trust": 3.0
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-063-04",
            "trust": 1.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014646",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-13477",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0781",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1118",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13477"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014646"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1118"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5140"
          }
        ]
      },
      "id": "VAR-202002-0359",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13477"
          }
        ],
        "trust": 1.18235294
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13477"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:05:48.573000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "AWK-3131A Series",
            "trust": 0.8,
            "url": "https://www.moxa.com/en/products/industrial-network-infrastructure/wireless-ap-bridge-client/wlan-ap-bridge-client/awk-3131a-series"
          },
          {
            "title": "Patch for Moxa AWK-3131A iw_webs Functional Operating System Command Injection Vulnerability (CNVD-2020-13477)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/204731"
          },
          {
            "title": "Moxa AWK-3131A iw_webs Functional OS Command Injection Vulnerability Fixes",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110292"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13477"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014646"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1118"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014646"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5140"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0929"
          },
          {
            "trust": 1.4,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-063-04"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5140"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5140"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0781/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13477"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014646"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1118"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5140"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13477"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014646"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1118"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5140"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-02-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-13477"
          },
          {
            "date": "2020-03-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014646"
          },
          {
            "date": "2020-02-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202002-1118"
          },
          {
            "date": "2020-02-25T16:15:10.657000",
            "db": "NVD",
            "id": "CVE-2019-5140"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-02T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-13477"
          },
          {
            "date": "2020-03-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014646"
          },
          {
            "date": "2022-04-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202002-1118"
          },
          {
            "date": "2024-11-21T04:44:25.613000",
            "db": "NVD",
            "id": "CVE-2019-5140"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1118"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Moxa AWK-3131A In firmware  OS Command injection vulnerabilities",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014646"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system commend injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1118"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202002-0362

    Vulnerability from variot - Updated: 2024-11-23 22:05

    An exploitable format string vulnerability exists in the iw_console conio_writestr functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted time server entry can cause an overflow of the time server buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. (DoS) It may be put into a state. Moxa AWK-3131A is a wireless switch from Moxa

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202002-0362",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "awk-3131a",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "moxa",
            "version": "1.13"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-15515"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014691"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5143"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:moxa:awk-3131a_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014691"
          }
        ]
      },
      "cve": "CVE-2019-5143",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2019-5143",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 6.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014691",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2020-15515",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2019-5143",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2019-5143",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014691",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-5143",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2019-5143",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2019-014691",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-15515",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202002-1127",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-15515"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014691"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1127"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5143"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5143"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An exploitable format string vulnerability exists in the iw_console conio_writestr functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted time server entry can cause an overflow of the time server buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. (DoS) It may be put into a state. Moxa AWK-3131A is a wireless switch from Moxa",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-5143"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014691"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-15515"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-5143",
            "trust": 3.0
          },
          {
            "db": "TALOS",
            "id": "TALOS-2019-0932",
            "trust": 3.0
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-063-04",
            "trust": 1.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014691",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-15515",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0781",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1127",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-15515"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014691"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1127"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5143"
          }
        ]
      },
      "id": "VAR-202002-0362",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-15515"
          }
        ],
        "trust": 1.18235294
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-15515"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:05:48.547000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "AWK-3131A Series",
            "trust": 0.8,
            "url": "https://www.moxa.com/en/products/industrial-network-infrastructure/wireless-ap-bridge-client/wlan-ap-bridge-client/awk-3131a-series"
          },
          {
            "title": "Patch for Moxa AWK-3131A code execution vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/206925"
          },
          {
            "title": "Moxa AWK-3131A Fixes for formatting string error vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=111214"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-15515"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014691"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1127"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-134",
            "trust": 1.8
          },
          {
            "problemtype": "CWE-120",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014691"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5143"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.2,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0932"
          },
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5143"
          },
          {
            "trust": 1.4,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-063-04"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5143"
          },
          {
            "trust": 0.8,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0932\\"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0781/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-15515"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014691"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1127"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5143"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-15515"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014691"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1127"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5143"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-15515"
          },
          {
            "date": "2020-03-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014691"
          },
          {
            "date": "2020-02-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202002-1127"
          },
          {
            "date": "2020-02-25T16:15:10.827000",
            "db": "NVD",
            "id": "CVE-2019-5143"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-15515"
          },
          {
            "date": "2020-03-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014691"
          },
          {
            "date": "2022-04-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202002-1127"
          },
          {
            "date": "2024-11-21T04:44:25.963000",
            "db": "NVD",
            "id": "CVE-2019-5143"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1127"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Moxa AWK-3131A Format string vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014691"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "format string error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1127"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202002-0363

    Vulnerability from variot - Updated: 2024-11-23 22:05

    An exploitable denial-of-service vulnerability exists in ServiceAgent functionality of the Moxa AWK-3131A, firmware version 1.13. A specially crafted packet can cause an integer underflow, triggering a large memcpy that will access unmapped or out-of-bounds memory. An attacker can send this packet while unauthenticated to trigger this vulnerability. Moxa AWK-3131A There is an integer underflow vulnerability in the firmware.Service operation interruption (DoS) It may be put into a state. Moxa AWK-3131A is a wireless access device from Moxa.

    Moxa AWK-3131A has a buffer overflow vulnerability. No detailed vulnerability details are provided at this time

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202002-0363",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "awk-3131a",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "moxa",
            "version": "1.13"
          },
          {
            "model": "awk-3131a",
            "scope": null,
            "trust": 0.6,
            "vendor": "moxa",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13476"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014692"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5148"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:moxa:awk-3131a_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014692"
          }
        ]
      },
      "cve": "CVE-2019-5148",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2019-5148",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 5.0,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014692",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-13476",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-5148",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-5148",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014692",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-5148",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2019-5148",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2019-014692",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-13476",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202002-1128",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13476"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014692"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1128"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5148"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5148"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An exploitable denial-of-service vulnerability exists in ServiceAgent functionality of the Moxa AWK-3131A, firmware version 1.13. A specially crafted packet can cause an integer underflow, triggering a large memcpy that will access unmapped or out-of-bounds memory. An attacker can send this packet while unauthenticated to trigger this vulnerability. Moxa AWK-3131A There is an integer underflow vulnerability in the firmware.Service operation interruption (DoS) It may be put into a state. Moxa AWK-3131A is a wireless access device from Moxa. \n\r\n\r\nMoxa AWK-3131A has a buffer overflow vulnerability. No detailed vulnerability details are provided at this time",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-5148"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014692"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-13476"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "TALOS",
            "id": "TALOS-2019-0938",
            "trust": 3.0
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5148",
            "trust": 3.0
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-063-04",
            "trust": 1.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014692",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-13476",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0781",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1128",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13476"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014692"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1128"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5148"
          }
        ]
      },
      "id": "VAR-202002-0363",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13476"
          }
        ],
        "trust": 1.18235294
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13476"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:05:48.520000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "AWK-3131A Series",
            "trust": 0.8,
            "url": "https://www.moxa.com/en/products/industrial-network-infrastructure/wireless-ap-bridge-client/wlan-ap-bridge-client/awk-3131a-series"
          },
          {
            "title": "Patch for Moxa AWK-3131A Buffer Overflow Vulnerability (CNVD-2020-13476)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/204737"
          },
          {
            "title": "Moxa AWK-3131A Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110299"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13476"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014692"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1128"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-191",
            "trust": 1.8
          },
          {
            "problemtype": "CWE-125",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014692"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5148"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.2,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0938"
          },
          {
            "trust": 1.4,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-063-04"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5148"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5148"
          },
          {
            "trust": 0.8,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0938\\"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0781/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13476"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014692"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1128"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5148"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13476"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014692"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1128"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5148"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-02-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-13476"
          },
          {
            "date": "2020-03-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014692"
          },
          {
            "date": "2020-02-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202002-1128"
          },
          {
            "date": "2020-02-25T16:15:10.890000",
            "db": "NVD",
            "id": "CVE-2019-5148"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-02-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-13476"
          },
          {
            "date": "2020-03-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014692"
          },
          {
            "date": "2022-04-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202002-1128"
          },
          {
            "date": "2024-11-21T04:44:26.530000",
            "db": "NVD",
            "id": "CVE-2019-5148"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1128"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Moxa AWK-3131A Integer underflow vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014692"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "digital error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1128"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202002-0366

    Vulnerability from variot - Updated: 2024-11-23 22:05

    An exploitable authentication bypass vulnerability exists in the hostname processing of the Moxa AWK-3131A firmware version 1.13. A specially configured device hostname can cause the device to interpret select remote traffic as local traffic, resulting in a bypass of web authentication. An attacker can send authenticated SNMP requests to trigger this vulnerability. Moxa AWK-3131A There is an authentication vulnerability in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Moxa AWK-3131A is a wireless access device from Moxa.

    There is a security hole in the handling of host names in Moxa AWK-3131A using firmware 1.13

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202002-0366",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "awk-3131a",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "moxa",
            "version": "1.13"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13491"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014690"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5165"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:moxa:awk-3131a_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014690"
          }
        ]
      },
      "cve": "CVE-2019-5165",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2019-5165",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 6.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014690",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "HIGH",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.6,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 4.9,
                "id": "CNVD-2020-13491",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2019-5165",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.0,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.3,
                "id": "CVE-2019-5165",
                "impactScore": 6.0,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.2,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014690",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-5165",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2019-5165",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2019-014690",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-13491",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202002-1120",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13491"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014690"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1120"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5165"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5165"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An exploitable authentication bypass vulnerability exists in the hostname processing of the Moxa AWK-3131A firmware version 1.13. A specially configured device hostname can cause the device to interpret select remote traffic as local traffic, resulting in a bypass of web authentication. An attacker can send authenticated SNMP requests to trigger this vulnerability. Moxa AWK-3131A There is an authentication vulnerability in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Moxa AWK-3131A is a wireless access device from Moxa. \n\r\n\r\nThere is a security hole in the handling of host names in Moxa AWK-3131A using firmware 1.13",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-5165"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014690"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-13491"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "TALOS",
            "id": "TALOS-2019-0960",
            "trust": 3.0
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5165",
            "trust": 3.0
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-063-04",
            "trust": 1.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014690",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-13491",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0781",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1120",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13491"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014690"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1120"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5165"
          }
        ]
      },
      "id": "VAR-202002-0366",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13491"
          }
        ],
        "trust": 1.18235294
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13491"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:05:48.490000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "AWK-3131A Series",
            "trust": 0.8,
            "url": "https://www.moxa.com/en/products/industrial-network-infrastructure/wireless-ap-bridge-client/wlan-ap-bridge-client/awk-3131a-series"
          },
          {
            "title": "Patch for Moxa AWK-3131A Authentication Bypass Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/204809"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13491"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014690"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-287",
            "trust": 1.8
          },
          {
            "problemtype": "CWE-288",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014690"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5165"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0960"
          },
          {
            "trust": 1.4,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-063-04"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5165"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5165"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0781/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13491"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014690"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1120"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5165"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13491"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014690"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1120"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5165"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-02-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-13491"
          },
          {
            "date": "2020-03-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014690"
          },
          {
            "date": "2020-02-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202002-1120"
          },
          {
            "date": "2020-02-25T16:15:11.077000",
            "db": "NVD",
            "id": "CVE-2019-5165"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-02-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-13491"
          },
          {
            "date": "2020-03-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014690"
          },
          {
            "date": "2022-04-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202002-1120"
          },
          {
            "date": "2024-11-21T04:44:28.490000",
            "db": "NVD",
            "id": "CVE-2019-5165"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1120"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Moxa AWK-3131A Authentication vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014690"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "authorization issue",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1120"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202002-0355

    Vulnerability from variot - Updated: 2024-11-23 22:05

    An exploitable privilege escalation vulnerability exists in the iw_console functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted menu selection string can cause an escape from the restricted console, resulting in system access as the root user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. Moxa AWK-3131A There is a permission management vulnerability in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Moxa AWK-3131A is a wireless access device from Moxa

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202002-0355",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "awk-3131a",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "moxa",
            "version": "1.13"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13471"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014649"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5136"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:moxa:awk-3131a_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014649"
          }
        ]
      },
      "cve": "CVE-2019-5136",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2019-5136",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 9.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014649",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-13471",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2019-5136",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2019-5136",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014649",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-5136",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2019-5136",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2019-014649",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-13471",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202002-1140",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13471"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014649"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1140"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5136"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5136"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An exploitable privilege escalation vulnerability exists in the iw_console functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted menu selection string can cause an escape from the restricted console, resulting in system access as the root user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. Moxa AWK-3131A There is a permission management vulnerability in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Moxa AWK-3131A is a wireless access device from Moxa",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-5136"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014649"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-13471"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-5136",
            "trust": 3.0
          },
          {
            "db": "TALOS",
            "id": "TALOS-2019-0925",
            "trust": 3.0
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-063-04",
            "trust": 1.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014649",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-13471",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0781",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1140",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13471"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014649"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1140"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5136"
          }
        ]
      },
      "id": "VAR-202002-0355",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13471"
          }
        ],
        "trust": 1.18235294
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13471"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:05:48.463000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "AWK-3131A Series",
            "trust": 0.8,
            "url": "https://www.moxa.com/en/products/industrial-network-infrastructure/wireless-ap-bridge-client/wlan-ap-bridge-client/awk-3131a-series"
          },
          {
            "title": "Patch for Moxa AWK-3131A Access Control Error Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/204763"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13471"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014649"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-284",
            "trust": 1.0
          },
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-269",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014649"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5136"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0925"
          },
          {
            "trust": 1.4,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-063-04"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5136"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5136"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0781/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13471"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014649"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1140"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5136"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13471"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014649"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1140"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5136"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-02-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-13471"
          },
          {
            "date": "2020-03-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014649"
          },
          {
            "date": "2020-02-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202002-1140"
          },
          {
            "date": "2020-02-25T16:15:10.343000",
            "db": "NVD",
            "id": "CVE-2019-5136"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-02-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-13471"
          },
          {
            "date": "2020-03-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014649"
          },
          {
            "date": "2022-04-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202002-1140"
          },
          {
            "date": "2024-11-21T04:44:25.130000",
            "db": "NVD",
            "id": "CVE-2019-5136"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1140"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Moxa AWK-3131A Access Control Error Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13471"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1140"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "access control error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1140"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202002-0364

    Vulnerability from variot - Updated: 2024-11-23 22:05

    An exploitable remote code execution vulnerability exists in the iw_webs configuration parsing functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause an overflow of an error message buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. Moxa AWK-3131A A classic buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Moxa AWK-3131A is a wireless access device from Moxa. An attacker could use this vulnerability to execute code

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202002-0364",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "awk-3131a",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "moxa",
            "version": "1.13"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13480"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014715"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5153"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:moxa:awk-3131a_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014715"
          }
        ]
      },
      "cve": "CVE-2019-5153",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2019-5153",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 6.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014715",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-13480",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2019-5153",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 9.9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.1,
                "id": "CVE-2019-5153",
                "impactScore": 6.0,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014715",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-5153",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2019-5153",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2019-014715",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-13480",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202002-1137",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13480"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014715"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1137"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5153"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5153"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An exploitable remote code execution vulnerability exists in the iw_webs configuration parsing functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause an overflow of an error message buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. Moxa AWK-3131A A classic buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Moxa AWK-3131A is a wireless access device from Moxa. An attacker could use this vulnerability to execute code",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-5153"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014715"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-13480"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "TALOS",
            "id": "TALOS-2019-0944",
            "trust": 3.0
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5153",
            "trust": 3.0
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-063-04",
            "trust": 1.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014715",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-13480",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0781",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1137",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13480"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014715"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1137"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5153"
          }
        ]
      },
      "id": "VAR-202002-0364",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13480"
          }
        ],
        "trust": 1.18235294
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13480"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:05:48.435000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "AWK-3131A Series",
            "trust": 0.8,
            "url": "https://www.moxa.com/en/products/industrial-network-infrastructure/wireless-ap-bridge-client/wlan-ap-bridge-client/awk-3131a-series"
          },
          {
            "title": "Patch for Moxa AWK-3131A Buffer Overflow Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/204725"
          },
          {
            "title": "Moxa AWK-3131A Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110787"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13480"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014715"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1137"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-120",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014715"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5153"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0944"
          },
          {
            "trust": 1.4,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-063-04"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5153"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5153"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0781/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13480"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014715"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1137"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5153"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13480"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014715"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1137"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5153"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-02-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-13480"
          },
          {
            "date": "2020-03-12T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014715"
          },
          {
            "date": "2020-02-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202002-1137"
          },
          {
            "date": "2020-02-25T16:15:10.953000",
            "db": "NVD",
            "id": "CVE-2019-5153"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-02-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-13480"
          },
          {
            "date": "2020-03-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014715"
          },
          {
            "date": "2022-06-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202002-1137"
          },
          {
            "date": "2024-11-21T04:44:27.107000",
            "db": "NVD",
            "id": "CVE-2019-5153"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1137"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Moxa AWK-3131A Classic buffer overflow vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014715"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1137"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202002-0360

    Vulnerability from variot - Updated: 2024-11-23 22:05

    An exploitable command injection vulnerability exists in the iw_webs functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted iw_serverip parameter can cause user input to be reflected in a subsequent iw_system call, resulting in remote control over the device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. (DoS) It may be put into a state. Moxa AWK-3131A is a wireless access device from Moxa. The vulnerability stems from the fact that the network system or product did not properly filter the special characters, commands, etc. during the process of constructing the executable command of the operating system by external input data

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202002-0360",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "awk-3131a",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "moxa",
            "version": "1.13"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13475"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014647"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5141"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:moxa:awk-3131a_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014647"
          }
        ]
      },
      "cve": "CVE-2019-5141",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2019-5141",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 6.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014647",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-13475",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2019-5141",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2019-5141",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014647",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-5141",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2019-5141",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2019-014647",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-13475",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202002-1122",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13475"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014647"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1122"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5141"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5141"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An exploitable command injection vulnerability exists in the iw_webs functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted iw_serverip parameter can cause user input to be reflected in a subsequent iw_system call, resulting in remote control over the device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. (DoS) It may be put into a state. Moxa AWK-3131A is a wireless access device from Moxa. The vulnerability stems from the fact that the network system or product did not properly filter the special characters, commands, etc. during the process of constructing the executable command of the operating system by external input data",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-5141"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014647"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-13475"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-5141",
            "trust": 3.0
          },
          {
            "db": "TALOS",
            "id": "TALOS-2019-0930",
            "trust": 3.0
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-063-04",
            "trust": 1.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014647",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-13475",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0781",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1122",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13475"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014647"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1122"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5141"
          }
        ]
      },
      "id": "VAR-202002-0360",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13475"
          }
        ],
        "trust": 1.18235294
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13475"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:05:48.408000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "AWK-3131A Series",
            "trust": 0.8,
            "url": "https://www.moxa.com/en/products/industrial-network-infrastructure/wireless-ap-bridge-client/wlan-ap-bridge-client/awk-3131a-series"
          },
          {
            "title": "Patch for Moxa AWK-3131A iw_webs feature operating system command injection vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/204741"
          },
          {
            "title": "Moxa AWK-3131A iw_webs Functional OS Command Injection Vulnerability Fixes",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110295"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13475"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014647"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1122"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014647"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5141"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0930"
          },
          {
            "trust": 1.4,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-063-04"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5141"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5141"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0781/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13475"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014647"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1122"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5141"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13475"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014647"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1122"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5141"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-02-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-13475"
          },
          {
            "date": "2020-03-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014647"
          },
          {
            "date": "2020-02-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202002-1122"
          },
          {
            "date": "2020-02-25T16:15:10.703000",
            "db": "NVD",
            "id": "CVE-2019-5141"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-02-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-13475"
          },
          {
            "date": "2020-03-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014647"
          },
          {
            "date": "2022-04-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202002-1122"
          },
          {
            "date": "2024-11-21T04:44:25.733000",
            "db": "NVD",
            "id": "CVE-2019-5141"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1122"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Moxa AWK-3131A In firmware  OS Command injection vulnerabilities",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014647"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system commend injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1122"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202002-0365

    Vulnerability from variot - Updated: 2024-11-23 22:05

    An exploitable improper access control vulnerability exists in the iw_webs account settings functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the device as that user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. Moxa AWK-3131A There is a permission management vulnerability in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Moxa AWK-3131A is a wireless access device from Moxa. The vulnerability stems from a network system or product that did not properly restrict access to resources from unauthorized roles. No detailed vulnerability details are provided at this time

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202002-0365",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "awk-3131a",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "moxa",
            "version": "1.13"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13493"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014689"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5162"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:moxa:awk-3131a_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014689"
          }
        ]
      },
      "cve": "CVE-2019-5162",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2019-5162",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 9.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014689",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-13493",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2019-5162",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 9.9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.1,
                "id": "CVE-2019-5162",
                "impactScore": 6.0,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014689",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-5162",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2019-5162",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2019-014689",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-13493",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202002-1114",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13493"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014689"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1114"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5162"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5162"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An exploitable improper access control vulnerability exists in the iw_webs account settings functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the device as that user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. Moxa AWK-3131A There is a permission management vulnerability in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Moxa AWK-3131A is a wireless access device from Moxa. The vulnerability stems from a network system or product that did not properly restrict access to resources from unauthorized roles. No detailed vulnerability details are provided at this time",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-5162"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014689"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-13493"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "TALOS",
            "id": "TALOS-2019-0955",
            "trust": 3.0
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5162",
            "trust": 3.0
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-063-04",
            "trust": 1.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014689",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-13493",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0781",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1114",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13493"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014689"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1114"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5162"
          }
        ]
      },
      "id": "VAR-202002-0365",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13493"
          }
        ],
        "trust": 1.18235294
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13493"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:05:48.381000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "AWK-3131A Series",
            "trust": 0.8,
            "url": "https://www.moxa.com/en/products/industrial-network-infrastructure/wireless-ap-bridge-client/wlan-ap-bridge-client/awk-3131a-series"
          },
          {
            "title": "Patch for Moxa AWK-3131A iw_webs Account Setting Function Access Control Error Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/204819"
          },
          {
            "title": "Moxa AWK-3131A iw_webs Account Settings Function Access Control Error Vulnerability Fixes",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110780"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13493"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014689"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1114"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-284",
            "trust": 1.0
          },
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-269",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014689"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5162"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0955"
          },
          {
            "trust": 1.4,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-063-04"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5162"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5162"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0781/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13493"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014689"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1114"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5162"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13493"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014689"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1114"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5162"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-02-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-13493"
          },
          {
            "date": "2020-03-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014689"
          },
          {
            "date": "2020-02-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202002-1114"
          },
          {
            "date": "2020-02-25T16:15:11.030000",
            "db": "NVD",
            "id": "CVE-2019-5162"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-02-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-13493"
          },
          {
            "date": "2020-03-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014689"
          },
          {
            "date": "2022-04-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202002-1114"
          },
          {
            "date": "2024-11-21T04:44:28.120000",
            "db": "NVD",
            "id": "CVE-2019-5162"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1114"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Moxa AWK-3131A Privilege management vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014689"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "access control error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1114"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202002-0357

    Vulnerability from variot - Updated: 2024-11-23 22:05

    An exploitable command injection vulnerability exists in encrypted diagnostic script functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file can cause arbitrary busybox commands to be executed, resulting in remote control over the device. An attacker can send diagnostic while authenticated as a low privilege user to trigger this vulnerability. (DoS) It may be put into a state. Moxa AWK-3131A is a wireless access device from Moxa

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202002-0357",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "awk-3131a",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "moxa",
            "version": "1.13"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13473"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014651"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5138"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:moxa:awk-3131a_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014651"
          }
        ]
      },
      "cve": "CVE-2019-5138",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2019-5138",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 9.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014651",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-13473",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.1,
                "id": "CVE-2019-5138",
                "impactScore": 6.0,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "talos-cna@cisco.com",
                "availabilityImpact": "HIGH",
                "baseScore": 9.9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.1,
                "id": "CVE-2019-5138",
                "impactScore": 6.0,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.9,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014651",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-5138",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "talos-cna@cisco.com",
                "id": "CVE-2019-5138",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2019-014651",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-13473",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202002-1134",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13473"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014651"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1134"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5138"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5138"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An exploitable command injection vulnerability exists in encrypted diagnostic script functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file can cause arbitrary busybox commands to be executed, resulting in remote control over the device. An attacker can send diagnostic while authenticated as a low privilege user to trigger this vulnerability. (DoS) It may be put into a state. Moxa AWK-3131A is a wireless access device from Moxa",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-5138"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014651"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-13473"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "TALOS",
            "id": "TALOS-2019-0927",
            "trust": 3.0
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5138",
            "trust": 3.0
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-063-04",
            "trust": 1.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014651",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-13473",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0781",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1134",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13473"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014651"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1134"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5138"
          }
        ]
      },
      "id": "VAR-202002-0357",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13473"
          }
        ],
        "trust": 1.18235294
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13473"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:05:48.353000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "AWK-3131A Series",
            "trust": 0.8,
            "url": "https://www.moxa.com/en/products/industrial-network-infrastructure/wireless-ap-bridge-client/wlan-ap-bridge-client/awk-3131a-series"
          },
          {
            "title": "Patch for Moxa AWK-3131A Operating System Command Injection Vulnerability (CNVD-2020-13473)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/204749"
          },
          {
            "title": "Moxa AWK-3131A Fixes for operating system command injection vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110303"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13473"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014651"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1134"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014651"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5138"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0927"
          },
          {
            "trust": 1.4,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-063-04"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5138"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5138"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0781/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13473"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014651"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1134"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5138"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-13473"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014651"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1134"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-5138"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-02-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-13473"
          },
          {
            "date": "2020-03-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014651"
          },
          {
            "date": "2020-02-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202002-1134"
          },
          {
            "date": "2020-02-25T16:15:10.500000",
            "db": "NVD",
            "id": "CVE-2019-5138"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-02-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-13473"
          },
          {
            "date": "2020-03-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014651"
          },
          {
            "date": "2022-04-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202002-1134"
          },
          {
            "date": "2024-11-21T04:44:25.370000",
            "db": "NVD",
            "id": "CVE-2019-5138"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1134"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Moxa AWK-3131A In firmware  OS Command injection vulnerabilities",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014651"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system commend injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-1134"
          }
        ],
        "trust": 0.6
      }
    }