CVE-2016-8721
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
An exploitable OS Command Injection vulnerability exists in the web application 'ping' functionality of Moxa AWK-3131A Wireless Access Points running firmware 1.1. Specially crafted web form input can cause an OS Command Injection resulting in complete compromise of the vulnerable device. An attacker can exploit this vulnerability remotely.
Existe una vulnerabilidad de Inyección explotable de Comando OS en la funcionalidad 'ping' de la aplicación web de Moxa AWK-3131A Wireless Access Points que ejecutan el firmware 1.1. Una entrada de formulario web especialmente manipulada puede provocar una inyección de Comando del SO, resultando en un comprometimiento total del dispositivo vulnerable. Un atacante puede explotar esta vulnerabilidad de forma remota.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-10-17 CVE Reserved
- 2017-04-20 CVE Published
- 2023-05-08 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.talosintelligence.com/reports/TALOS-2016-0235 | 2024-08-06 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Moxa Search vendor "Moxa" | Awk-3131a Firmware Search vendor "Moxa" for product "Awk-3131a Firmware" | 1.1 Search vendor "Moxa" for product "Awk-3131a Firmware" and version "1.1" | - |
Affected
| in | Moxa Search vendor "Moxa" | Awk-3131a Search vendor "Moxa" for product "Awk-3131a" | - | - |
Safe
|