CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2016-8716
https://notcve.org/view.php?id=CVE-2016-8716
An exploitable Cleartext Transmission of Password vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. The Change Password functionality of the Web Application transmits the password in cleartext. An attacker capable of intercepting this traffic is able to obtain valid credentials. Existe una vulnerabilidad explícita para Cleartext Transmission of Password en la funcionalidad de aplicación Web del Moxa AWK-3131A Wireless Access Point que ejecuta el firmware 1.1. La funcionalidad Cambiar contraseña de la aplicación web transmite la contraseña en texto sin cifrar. • http://www.talosintelligence.com/reports/TALOS-2016-0230 • CWE-640: Weak Password Recovery Mechanism for Forgotten Password •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2016-8718
https://notcve.org/view.php?id=CVE-2016-8718
An exploitable Cross-Site Request Forgery vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted form can trick a client into making an unintentional request to the web server which will be treated as an authentic request. Existe una vulnerabilidad explotable de Cross-Site Request Forgery en la funcionalidad de aplicación Web del Moxa AWK-3131A Wireless Access Point que ejecuta el firmware 1.1. Un formulario especialmente manipulado puede engañar a un cliente para que haga una solicitud no intencional al servidor web que se tratará como una solicitud auténtica. • http://www.talosintelligence.com/reports/TALOS-2016-0232 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2016-8719
https://notcve.org/view.php?id=CVE-2016-8719
An exploitable reflected Cross-Site Scripting vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Specially crafted input, in multiple parameters, can cause a malicious scripts to be executed by a victim. Existe una vulnerabilidad de Cross-Site Scripting que se puede reflejar en la funcionalidad de aplicación Web del Moxa AWK-3131A Wireless Access Point que ejecuta el firmware 1.1. Una entrada especialmente hecha a mano, en múltiples parámetros, puede hacer que una víctima ejecute scripts maliciosos. • http://www.talosintelligence.com/reports/TALOS-2016-0233 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 28EXPL: 0CVE-2016-8363
https://notcve.org/view.php?id=CVE-2016-8363
An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2 Series, WAC-2004 Series, AWK-3121-M12-RTG Series, AWK-3131-M12-RCC Series, AWK-5232-M12-RCC Series, TAP-6226 Series, AWK-3121/4121 Series, AWK-3131/4131 Series, and AWK-5222/6222 Series. User is able to execute arbitrary OS commands on the server. Ha sido descubierto un problema en Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2 Series, WAC-2004 Series, AWK-3121-M12-RTG Series, AWK-3131-M12-RCC Series, AWK-5232-M12-RCC Series, TAP-6226 Series, AWK-3121/4121 Series, AWK-3131/4131 Series y AWK-5222/6222 Series. El usuario puede ejecutar comandos arbitrarios de SO en el servidor. • http://www.securityfocus.com/bid/94092 https://ics-cert.us-cert.gov/advisories/ICSA-16-308-01 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 28EXPL: 0CVE-2016-8362
https://notcve.org/view.php?id=CVE-2016-8362
An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2 Series, WAC-2004 Series, AWK-3121-M12-RTG Series, AWK-3131-M12-RCC Series, AWK-5232-M12-RCC Series, TAP-6226 Series, AWK-3121/4121 Series, AWK-3131/4131 Series, and AWK-5222/6222 Series. Any user is able to download log files by accessing a specific URL. Ha sido descubierto un problema en Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2 Series, WAC-2004 Series, AWK-3121-M12-RTG Series, AWK-3131-M12-RCC Series, AWK-5232-M12-RCC Series, TAP-6226 Series, AWK-3121/4121 Series, AWK-3131/4131 Series y AWK-5222/6222 Series. Cualquier usuario puede descargar archivos de inicio de sesión al acceder a una URL específica. • http://www.securityfocus.com/bid/94092 https://ics-cert.us-cert.gov/advisories/ICSA-16-308-01 • CWE-287: Improper Authentication •