Search criteria
28 vulnerabilities found for awk-3131a by moxa
VAR-201704-0964
Vulnerability from variot - Updated: 2023-12-18 14:01An exploitable nonce reuse vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless AP running firmware 1.1. The device uses one nonce for all session authentication requests and only changes the nonce if the web application has been idle for 300 seconds. Moxa AWK-3131A Wireless AP Contains a session expiration vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Moxa AWK-3131A Wireless Access Point is a wireless switch made by Moxa. Web Application is one of the network application modules. An attacker could exploit this vulnerability to gain access to a session token and use the token to log in
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0964",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "awk-3131a",
"scope": "eq",
"trust": 2.4,
"vendor": "moxa",
"version": "1.1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008400"
},
{
"db": "NVD",
"id": "CVE-2016-8712"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-734"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:awk-3131a_firmware:1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:awk-3131a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8712"
}
]
},
"cve": "CVE-2016-8712",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-8712",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-97532",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-8712",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-8712",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2016-8712",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-734",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-97532",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97532"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008400"
},
{
"db": "NVD",
"id": "CVE-2016-8712"
},
{
"db": "NVD",
"id": "CVE-2016-8712"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-734"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable nonce reuse vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless AP running firmware 1.1. The device uses one nonce for all session authentication requests and only changes the nonce if the web application has been idle for 300 seconds. Moxa AWK-3131A Wireless AP Contains a session expiration vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Moxa AWK-3131A Wireless Access Point is a wireless switch made by Moxa. Web Application is one of the network application modules. An attacker could exploit this vulnerability to gain access to a session token and use the token to log in",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8712"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008400"
},
{
"db": "VULHUB",
"id": "VHN-97532"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-8712",
"trust": 2.5
},
{
"db": "TALOS",
"id": "TALOS-2016-0225",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008400",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201704-734",
"trust": 0.7
},
{
"db": "SEEBUG",
"id": "SSVID-96535",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-97532",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97532"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008400"
},
{
"db": "NVD",
"id": "CVE-2016-8712"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-734"
}
]
},
"id": "VAR-201704-0964",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-97532"
}
],
"trust": 0.68235294
},
"last_update_date": "2023-12-18T14:01:39.213000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AWK-3131A Series",
"trust": 0.8,
"url": "http://www.moxa.com/product/awk-3131a.htm"
},
{
"title": "TALOS-2016-0225",
"trust": 0.8,
"url": "https://www.talosintelligence.com/reports/talos-2016-0225/"
},
{
"title": "Moxa AWK-3131A Wireless Access Point Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=70217"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008400"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-734"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-613",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97532"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008400"
},
{
"db": "NVD",
"id": "CVE-2016-8712"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.talosintelligence.com/reports/talos-2016-0225/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8712"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8712"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97532"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008400"
},
{
"db": "NVD",
"id": "CVE-2016-8712"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-734"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-97532"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008400"
},
{
"db": "NVD",
"id": "CVE-2016-8712"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-734"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-13T00:00:00",
"db": "VULHUB",
"id": "VHN-97532"
},
{
"date": "2017-05-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008400"
},
{
"date": "2017-04-13T19:59:00.207000",
"db": "NVD",
"id": "CVE-2016-8712"
},
{
"date": "2017-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-734"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-13T00:00:00",
"db": "VULHUB",
"id": "VHN-97532"
},
{
"date": "2017-05-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008400"
},
{
"date": "2022-12-13T21:57:23.717000",
"db": "NVD",
"id": "CVE-2016-8712"
},
{
"date": "2022-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-734"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-734"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa AWK-3131A Wireless AP Session expiration vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008400"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-734"
}
],
"trust": 0.6
}
}
VAR-201704-0965
Vulnerability from variot - Updated: 2023-12-18 13:57An exploitable Cleartext Transmission of Password vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. The Change Password functionality of the Web Application transmits the password in cleartext. An attacker capable of intercepting this traffic is able to obtain valid credentials. Moxa AWK-3131A Wireless AP Contains a vulnerability related to the password management function.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. MoxaAWK-3131AWirelessAccessPoint is a wireless switch from China's Moxa. WebApplication is one of the web application modules. A security vulnerability exists in the WebApplication feature in MoxaAWK-3131AWirelessAccessPoint using version 1.1 firmware, which is caused by the program transmitting passwords in clear text
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0965",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "awk-3131a",
"scope": "eq",
"trust": 2.4,
"vendor": "moxa",
"version": "1.1"
},
{
"model": "awk-3131a wireless access point",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": "1.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07350"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008401"
},
{
"db": "NVD",
"id": "CVE-2016-8716"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-619"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:awk-3131a_firmware:1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:awk-3131a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8716"
}
]
},
"cve": "CVE-2016-8716",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-8716",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CNVD-2017-07350",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "VHN-97536",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-8716",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-8716",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2016-8716",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-07350",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-619",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-97536",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07350"
},
{
"db": "VULHUB",
"id": "VHN-97536"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008401"
},
{
"db": "NVD",
"id": "CVE-2016-8716"
},
{
"db": "NVD",
"id": "CVE-2016-8716"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-619"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable Cleartext Transmission of Password vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. The Change Password functionality of the Web Application transmits the password in cleartext. An attacker capable of intercepting this traffic is able to obtain valid credentials. Moxa AWK-3131A Wireless AP Contains a vulnerability related to the password management function.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. MoxaAWK-3131AWirelessAccessPoint is a wireless switch from China\u0027s Moxa. WebApplication is one of the web application modules. A security vulnerability exists in the WebApplication feature in MoxaAWK-3131AWirelessAccessPoint using version 1.1 firmware, which is caused by the program transmitting passwords in clear text",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8716"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008401"
},
{
"db": "CNVD",
"id": "CNVD-2017-07350"
},
{
"db": "VULHUB",
"id": "VHN-97536"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-8716",
"trust": 3.1
},
{
"db": "TALOS",
"id": "TALOS-2016-0230",
"trust": 2.3
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008401",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201704-619",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-07350",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-96540",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-97536",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07350"
},
{
"db": "VULHUB",
"id": "VHN-97536"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008401"
},
{
"db": "NVD",
"id": "CVE-2016-8716"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-619"
}
]
},
"id": "VAR-201704-0965",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07350"
},
{
"db": "VULHUB",
"id": "VHN-97536"
}
],
"trust": 1.49117647
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07350"
}
]
},
"last_update_date": "2023-12-18T13:57:25.686000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AWK-3131A Series",
"trust": 0.8,
"url": "http://www.moxa.com/product/awk-3131a.htm"
},
{
"title": "TALOS-2016-0230",
"trust": 0.8,
"url": "https://www.talosintelligence.com/reports/talos-2016-0230"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008401"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-640",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97536"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008401"
},
{
"db": "NVD",
"id": "CVE-2016-8716"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.talosintelligence.com/reports/talos-2016-0230"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8716"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8716"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07350"
},
{
"db": "VULHUB",
"id": "VHN-97536"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008401"
},
{
"db": "NVD",
"id": "CVE-2016-8716"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-619"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-07350"
},
{
"db": "VULHUB",
"id": "VHN-97536"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008401"
},
{
"db": "NVD",
"id": "CVE-2016-8716"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-619"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-07350"
},
{
"date": "2017-04-12T00:00:00",
"db": "VULHUB",
"id": "VHN-97536"
},
{
"date": "2017-05-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008401"
},
{
"date": "2017-04-12T19:59:00.163000",
"db": "NVD",
"id": "CVE-2016-8716"
},
{
"date": "2017-04-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-619"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-07350"
},
{
"date": "2022-12-14T00:00:00",
"db": "VULHUB",
"id": "VHN-97536"
},
{
"date": "2017-05-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008401"
},
{
"date": "2022-12-14T13:50:05.507000",
"db": "NVD",
"id": "CVE-2016-8716"
},
{
"date": "2022-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-619"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-619"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa AWK-3131A Wireless AP Vulnerable to password management",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008401"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-619"
}
],
"trust": 0.6
}
}
VAR-201804-0468
Vulnerability from variot - Updated: 2023-12-18 13:57An exploitable Use of Hard-coded Credentials vulnerability exists in the Moxa AWK-3131A Wireless Access Point running firmware 1.1. The device operating system contains an undocumented, privileged (root) account with hard-coded credentials, giving attackers full control of affected devices. Moxa AWK-3131A Wireless Access Point is a wireless switch made by Moxa. An attacker could exploit this vulnerability to take complete control of the device
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201804-0468",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "awk-3131a",
"scope": "eq",
"trust": 2.4,
"vendor": "moxa",
"version": "1.1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-009004"
},
{
"db": "NVD",
"id": "CVE-2016-8717"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-074"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:awk-3131a_firmware:1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:awk-3131a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8717"
}
]
},
"cve": "CVE-2016-8717",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2016-8717",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-97537",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-8717",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-8717",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2016-8717",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201804-074",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-97537",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-8717",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97537"
},
{
"db": "VULMON",
"id": "CVE-2016-8717"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009004"
},
{
"db": "NVD",
"id": "CVE-2016-8717"
},
{
"db": "NVD",
"id": "CVE-2016-8717"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-074"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable Use of Hard-coded Credentials vulnerability exists in the Moxa AWK-3131A Wireless Access Point running firmware 1.1. The device operating system contains an undocumented, privileged (root) account with hard-coded credentials, giving attackers full control of affected devices. Moxa AWK-3131A Wireless Access Point is a wireless switch made by Moxa. An attacker could exploit this vulnerability to take complete control of the device",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8717"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009004"
},
{
"db": "VULHUB",
"id": "VHN-97537"
},
{
"db": "VULMON",
"id": "CVE-2016-8717"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "TALOS",
"id": "TALOS-2016-0231",
"trust": 2.6
},
{
"db": "NVD",
"id": "CVE-2016-8717",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009004",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201804-074",
"trust": 0.7
},
{
"db": "SEEBUG",
"id": "SSVID-96529",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-97537",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-8717",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97537"
},
{
"db": "VULMON",
"id": "CVE-2016-8717"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009004"
},
{
"db": "NVD",
"id": "CVE-2016-8717"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-074"
}
]
},
"id": "VAR-201804-0468",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-97537"
}
],
"trust": 0.68235294
},
"last_update_date": "2023-12-18T13:57:05.194000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AWK-3131A Series",
"trust": 0.8,
"url": "https://www.moxa.com/product/awk-3131a.htm"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-009004"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97537"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009004"
},
{
"db": "NVD",
"id": "CVE-2016-8717"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2016-0231"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8717"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8717"
},
{
"trust": 0.6,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2016-0231"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/798.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97537"
},
{
"db": "VULMON",
"id": "CVE-2016-8717"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009004"
},
{
"db": "NVD",
"id": "CVE-2016-8717"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-074"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-97537"
},
{
"db": "VULMON",
"id": "CVE-2016-8717"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009004"
},
{
"db": "NVD",
"id": "CVE-2016-8717"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-074"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-97537"
},
{
"date": "2018-04-02T00:00:00",
"db": "VULMON",
"id": "CVE-2016-8717"
},
{
"date": "2018-06-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-009004"
},
{
"date": "2018-04-02T17:29:00.217000",
"db": "NVD",
"id": "CVE-2016-8717"
},
{
"date": "2018-04-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201804-074"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-14T00:00:00",
"db": "VULHUB",
"id": "VHN-97537"
},
{
"date": "2018-05-08T00:00:00",
"db": "VULMON",
"id": "CVE-2016-8717"
},
{
"date": "2018-06-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-009004"
},
{
"date": "2022-12-14T13:47:04.363000",
"db": "NVD",
"id": "CVE-2016-8717"
},
{
"date": "2022-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201804-074"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201804-074"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa AWK-3131A Wireless Access Points Vulnerabilities related to the use of hard-coded credentials in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-009004"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201804-074"
}
],
"trust": 0.6
}
}
VAR-201702-0072
Vulnerability from variot - Updated: 2023-12-18 13:48An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2 Series, WAC-2004 Series, AWK-3121-M12-RTG Series, AWK-3131-M12-RCC Series, AWK-5232-M12-RCC Series, TAP-6226 Series, AWK-3121/4121 Series, AWK-3131/4131 Series, and AWK-5222/6222 Series. User is able to execute arbitrary OS commands on the server. MOXAOnCell is an industrial grade IP gateway product. Moxa OnCellG3470A-LTE etc
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-0072",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "oncellg3470a-lte",
"scope": null,
"trust": 1.4,
"vendor": "moxa",
"version": null
},
{
"model": "awk-5232-m12-rcc",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "06-29-2017"
},
{
"model": "awk-6232",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "05-30-2017"
},
{
"model": "awk-1127",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "06-29-2017"
},
{
"model": "awk-5232",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "05-30-2017"
},
{
"model": "awk-3121-m12-rtg",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "06-29-2017"
},
{
"model": "awk-3191",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "05-30-2017"
},
{
"model": "awk-1121",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "06-29-2017"
},
{
"model": "wac-1001 v2",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "06-29-2017"
},
{
"model": "wac-2004",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "06-29-2017"
},
{
"model": "awk-3131a",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "10-31-2016"
},
{
"model": "awk-4131a",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "10-31-2016"
},
{
"model": "awk-1131a",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "10-31-2016"
},
{
"model": "awk-3131-m12-rcc",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "06-29-2017"
},
{
"model": "oncellg3470a-lte",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "10-31-2016"
},
{
"model": "awk-1121",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "awk-1127",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "awk-1131a",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "awk-3121-m12-rtg",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "awk-3131-m12-rcc",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "awk-3131a",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "awk-3191",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "awk-4131a",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "awk-5232",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "awk-5232-m12-rcc",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "awk-6232",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "wac-1001 v2",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "wac-2004",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "awk-5222/6222 series",
"scope": null,
"trust": 0.6,
"vendor": "moxa",
"version": null
},
{
"model": "awk-3131/4131 series",
"scope": null,
"trust": 0.6,
"vendor": "moxa",
"version": null
},
{
"model": "awk-3121/4121 series",
"scope": null,
"trust": 0.6,
"vendor": "moxa",
"version": null
},
{
"model": "tap-6226 series",
"scope": null,
"trust": 0.6,
"vendor": "moxa",
"version": null
},
{
"model": "awk-5232-m12-rcc series",
"scope": null,
"trust": 0.6,
"vendor": "moxa",
"version": null
},
{
"model": "awk-3131-m12-rcc series",
"scope": null,
"trust": 0.6,
"vendor": "moxa",
"version": null
},
{
"model": "awk-3121-m12-rtg series",
"scope": null,
"trust": 0.6,
"vendor": "moxa",
"version": null
},
{
"model": "wac-2004 series",
"scope": null,
"trust": 0.6,
"vendor": "moxa",
"version": null
},
{
"model": "wac-1001 series",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": "v2"
},
{
"model": "awk-1121/1127 series",
"scope": null,
"trust": 0.6,
"vendor": "moxa",
"version": null
},
{
"model": "awk-5232/6232 series",
"scope": null,
"trust": 0.6,
"vendor": "moxa",
"version": null
},
{
"model": "awk-3191 series",
"scope": null,
"trust": 0.6,
"vendor": "moxa",
"version": null
},
{
"model": "awk-1131a",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": "10-31-2016"
},
{
"model": "awk-6232",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": "05-30-2017"
},
{
"model": "awk-3121-m12-rtg",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": "06-29-2017"
},
{
"model": "awk-5232",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": "05-30-2017"
},
{
"model": "awk-5232-m12-rcc",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": "06-29-2017"
},
{
"model": "wac-1001 v2",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": "06-29-2017"
},
{
"model": "awk-1121",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": "06-29-2017"
},
{
"model": "wac-2004",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": "06-29-2017"
},
{
"model": "awk-1127",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": "06-29-2017"
},
{
"model": "awk-3131-m12-rcc",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": "06-29-2017"
},
{
"model": "wac-2004",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "0"
},
{
"model": "wac-1001",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "v20"
},
{
"model": "tap-6226",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "0"
},
{
"model": "oncellg3470a-lte",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "0"
},
{
"model": "awk-6232",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "0"
},
{
"model": "awk-6222",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "0"
},
{
"model": "awk-5232-m12-rcc",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "0"
},
{
"model": "awk-5232",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "0"
},
{
"model": "awk-5222",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "0"
},
{
"model": "awk-4131a",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "0"
},
{
"model": "awk-4131",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "0"
},
{
"model": "awk-4121",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "0"
},
{
"model": "awk-3191",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "0"
},
{
"model": "awk-3131a",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "0"
},
{
"model": "awk-3131-m12-rcc",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "0"
},
{
"model": "awk-3131",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "0"
},
{
"model": "awk-3121-m12-rtg",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "0"
},
{
"model": "awk-3121",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "0"
},
{
"model": "awk-1131a",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "0"
},
{
"model": "awk-1127",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "0"
},
{
"model": "awk-1121",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10730"
},
{
"db": "BID",
"id": "94092"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007997"
},
{
"db": "NVD",
"id": "CVE-2016-8363"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-109"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:oncellg3470a-lte_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10-31-2016",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:oncellg3470a-lte:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:awk-4131a_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10-31-2016",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:awk-4131a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:awk-3191_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "05-30-2017",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:awk-3191:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:awk-5232_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "05-30-2017",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:awk-5232:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:awk-6232_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "05-30-2017",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:awk-6232:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:awk-1121_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "06-29-2017",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:awk-1121:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:awk-1127_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "06-29-2017",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:awk-1127:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:wac-1001_v2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "06-29-2017",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:wac-1001_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:wac-2004_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "06-29-2017",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:wac-2004:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:awk-3121-m12-rtg_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "06-29-2017",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:awk-3121-m12-rtg:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:awk-3131-m12-rcc_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "06-29-2017",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:awk-3131-m12-rcc:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:awk-5232-m12-rcc_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "06-29-2017",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:awk-5232-m12-rcc:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:awk-3131a_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10-31-2016",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:awk-3131a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:awk-1131a_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10-31-2016",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:awk-1131a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8363"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Maxim Rupp",
"sources": [
{
"db": "BID",
"id": "94092"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-109"
}
],
"trust": 0.9
},
"cve": "CVE-2016-8363",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-8363",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-10730",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-97183",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 10.0,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-8363",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-8363",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2016-10730",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201611-109",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-97183",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-8363",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10730"
},
{
"db": "VULHUB",
"id": "VHN-97183"
},
{
"db": "VULMON",
"id": "CVE-2016-8363"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007997"
},
{
"db": "NVD",
"id": "CVE-2016-8363"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-109"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2 Series, WAC-2004 Series, AWK-3121-M12-RTG Series, AWK-3131-M12-RCC Series, AWK-5232-M12-RCC Series, TAP-6226 Series, AWK-3121/4121 Series, AWK-3131/4131 Series, and AWK-5222/6222 Series. User is able to execute arbitrary OS commands on the server. MOXAOnCell is an industrial grade IP gateway product. Moxa OnCellG3470A-LTE etc",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8363"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007997"
},
{
"db": "CNVD",
"id": "CNVD-2016-10730"
},
{
"db": "BID",
"id": "94092"
},
{
"db": "VULHUB",
"id": "VHN-97183"
},
{
"db": "VULMON",
"id": "CVE-2016-8363"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-8363",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-16-308-01",
"trust": 3.5
},
{
"db": "BID",
"id": "94092",
"trust": 2.7
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007997",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201611-109",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-10730",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-97183",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-8363",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10730"
},
{
"db": "VULHUB",
"id": "VHN-97183"
},
{
"db": "VULMON",
"id": "CVE-2016-8363"
},
{
"db": "BID",
"id": "94092"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007997"
},
{
"db": "NVD",
"id": "CVE-2016-8363"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-109"
}
]
},
"id": "VAR-201702-0072",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10730"
},
{
"db": "VULHUB",
"id": "VHN-97183"
}
],
"trust": 1.6229144359999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10730"
}
]
},
"last_update_date": "2023-12-18T13:48:41.573000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.moxa.com/"
},
{
"title": "MoxaOnCellSeries product OS command execution vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/83629"
},
{
"title": "Moxa OnCell Repair measures for operating system command execution vulnerabilities in series products",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=65482"
},
{
"title": "Moxa OnCell Repair measures for operating system command execution vulnerabilities in series products",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=65335"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10730"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007997"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-109"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97183"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007997"
},
{
"db": "NVD",
"id": "CVE-2016-8363"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.6,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-308-01"
},
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/94092"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8363"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8363"
},
{
"trust": 0.3,
"url": "http://www.moxa.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/264.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10730"
},
{
"db": "VULHUB",
"id": "VHN-97183"
},
{
"db": "VULMON",
"id": "CVE-2016-8363"
},
{
"db": "BID",
"id": "94092"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007997"
},
{
"db": "NVD",
"id": "CVE-2016-8363"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-109"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-10730"
},
{
"db": "VULHUB",
"id": "VHN-97183"
},
{
"db": "VULMON",
"id": "CVE-2016-8363"
},
{
"db": "BID",
"id": "94092"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007997"
},
{
"db": "NVD",
"id": "CVE-2016-8363"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-109"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-10730"
},
{
"date": "2017-02-13T00:00:00",
"db": "VULHUB",
"id": "VHN-97183"
},
{
"date": "2017-02-13T00:00:00",
"db": "VULMON",
"id": "CVE-2016-8363"
},
{
"date": "2016-11-03T00:00:00",
"db": "BID",
"id": "94092"
},
{
"date": "2017-04-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007997"
},
{
"date": "2017-02-13T21:59:01.080000",
"db": "NVD",
"id": "CVE-2016-8363"
},
{
"date": "2016-11-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-109"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-10730"
},
{
"date": "2017-03-16T00:00:00",
"db": "VULHUB",
"id": "VHN-97183"
},
{
"date": "2017-03-16T00:00:00",
"db": "VULMON",
"id": "CVE-2016-8363"
},
{
"date": "2016-11-24T01:07:00",
"db": "BID",
"id": "94092"
},
{
"date": "2017-04-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007997"
},
{
"date": "2017-03-16T18:04:08.483000",
"db": "NVD",
"id": "CVE-2016-8363"
},
{
"date": "2016-11-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-109"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-109"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Moxa OnCell Any on the server in series products OS Command execution vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007997"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-109"
}
],
"trust": 0.6
}
}
VAR-201702-0071
Vulnerability from variot - Updated: 2023-12-18 13:48An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2 Series, WAC-2004 Series, AWK-3121-M12-RTG Series, AWK-3131-M12-RCC Series, AWK-5232-M12-RCC Series, TAP-6226 Series, AWK-3121/4121 Series, AWK-3131/4131 Series, and AWK-5222/6222 Series. Any user is able to download log files by accessing a specific URL. MOXAOnCell is an industrial grade IP gateway product. The MoxaOnCellSeries product verification bypass vulnerability allows an attacker to bypass the authentication mechanism and gain unauthorized access. Moxa OnCell Series products are prone to an authentication-bypass vulnerability and an OS command execution vulnerability. Moxa OnCellG3470A-LTE etc
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-0071",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "oncellg3470a-lte",
"scope": null,
"trust": 1.4,
"vendor": "moxa",
"version": null
},
{
"model": "awk-5232-m12-rcc",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "06-29-2017"
},
{
"model": "awk-6232",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "05-30-2017"
},
{
"model": "awk-1127",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "06-29-2017"
},
{
"model": "awk-5232",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "05-30-2017"
},
{
"model": "awk-3121-m12-rtg",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "06-29-2017"
},
{
"model": "awk-3191",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "05-30-2017"
},
{
"model": "awk-1121",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "06-29-2017"
},
{
"model": "wac-1001 v2",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "06-29-2017"
},
{
"model": "wac-2004",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "06-29-2017"
},
{
"model": "awk-3131a",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "10-31-2016"
},
{
"model": "awk-4131a",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "10-31-2016"
},
{
"model": "awk-1131a",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "10-31-2016"
},
{
"model": "awk-3131-m12-rcc",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "06-29-2017"
},
{
"model": "oncellg3470a-lte",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "10-31-2016"
},
{
"model": "awk-1121",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "awk-1127",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "awk-1131a",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "awk-3121-m12-rtg",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "awk-3131-m12-rcc",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "awk-3131a",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "awk-3191",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "awk-4131a",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "awk-5232",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "awk-5232-m12-rcc",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "awk-6232",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "wac-1001 v2",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "wac-2004",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "awk-5222/6222 series",
"scope": null,
"trust": 0.6,
"vendor": "moxa",
"version": null
},
{
"model": "awk-3131/4131 series",
"scope": null,
"trust": 0.6,
"vendor": "moxa",
"version": null
},
{
"model": "awk-3121/4121 series",
"scope": null,
"trust": 0.6,
"vendor": "moxa",
"version": null
},
{
"model": "tap-6226 series",
"scope": null,
"trust": 0.6,
"vendor": "moxa",
"version": null
},
{
"model": "awk-5232-m12-rcc series",
"scope": null,
"trust": 0.6,
"vendor": "moxa",
"version": null
},
{
"model": "awk-3131-m12-rcc series",
"scope": null,
"trust": 0.6,
"vendor": "moxa",
"version": null
},
{
"model": "awk-3121-m12-rtg series",
"scope": null,
"trust": 0.6,
"vendor": "moxa",
"version": null
},
{
"model": "wac-2004 series",
"scope": null,
"trust": 0.6,
"vendor": "moxa",
"version": null
},
{
"model": "wac-1001 series",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": "v2"
},
{
"model": "awk-1121/1127 series",
"scope": null,
"trust": 0.6,
"vendor": "moxa",
"version": null
},
{
"model": "awk-5232/6232 series",
"scope": null,
"trust": 0.6,
"vendor": "moxa",
"version": null
},
{
"model": "awk-3191 series",
"scope": null,
"trust": 0.6,
"vendor": "moxa",
"version": null
},
{
"model": "awk-1131a/3131a/4131a series",
"scope": null,
"trust": 0.6,
"vendor": "moxa",
"version": null
},
{
"model": "awk-1131a",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": "10-31-2016"
},
{
"model": "awk-6232",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": "05-30-2017"
},
{
"model": "oncellg3470a-lte",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": "10-31-2016"
},
{
"model": "awk-5232",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": "05-30-2017"
},
{
"model": "awk-5232-m12-rcc",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": "06-29-2017"
},
{
"model": "awk-4131a",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": "10-31-2016"
},
{
"model": "awk-3131a",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": "10-31-2016"
},
{
"model": "awk-1121",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": "06-29-2017"
},
{
"model": "awk-3131-m12-rcc",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": "06-29-2017"
},
{
"model": "awk-3191",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": "05-30-2017"
},
{
"model": "wac-2004",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "0"
},
{
"model": "wac-1001",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "v20"
},
{
"model": "tap-6226",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "0"
},
{
"model": "oncellg3470a-lte",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "0"
},
{
"model": "awk-6232",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "0"
},
{
"model": "awk-6222",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "0"
},
{
"model": "awk-5232-m12-rcc",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "0"
},
{
"model": "awk-5232",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "0"
},
{
"model": "awk-5222",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "0"
},
{
"model": "awk-4131a",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "0"
},
{
"model": "awk-4131",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "0"
},
{
"model": "awk-4121",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "0"
},
{
"model": "awk-3191",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "0"
},
{
"model": "awk-3131a",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "0"
},
{
"model": "awk-3131-m12-rcc",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "0"
},
{
"model": "awk-3131",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "0"
},
{
"model": "awk-3121-m12-rtg",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "0"
},
{
"model": "awk-3121",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "0"
},
{
"model": "awk-1131a",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "0"
},
{
"model": "awk-1127",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "0"
},
{
"model": "awk-1121",
"scope": "eq",
"trust": 0.3,
"vendor": "moxa",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10731"
},
{
"db": "BID",
"id": "94092"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007996"
},
{
"db": "NVD",
"id": "CVE-2016-8362"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-108"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:oncellg3470a-lte_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10-31-2016",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:oncellg3470a-lte:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:awk-4131a_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10-31-2016",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:awk-4131a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:awk-3191_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "05-30-2017",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:awk-3191:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:awk-5232_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "05-30-2017",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:awk-5232:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:awk-6232_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "05-30-2017",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:awk-6232:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:awk-1121_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "06-29-2017",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:awk-1121:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:awk-1127_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "06-29-2017",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:awk-1127:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:wac-1001_v2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "06-29-2017",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:wac-1001_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:wac-2004_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "06-29-2017",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:wac-2004:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:awk-3121-m12-rtg_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "06-29-2017",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:awk-3121-m12-rtg:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:awk-3131-m12-rcc_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "06-29-2017",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:awk-3131-m12-rcc:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:awk-5232-m12-rcc_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "06-29-2017",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:awk-5232-m12-rcc:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:awk-3131a_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10-31-2016",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:awk-3131a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:awk-1131a_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10-31-2016",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:awk-1131a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8362"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Maxim Rupp",
"sources": [
{
"db": "BID",
"id": "94092"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-108"
}
],
"trust": 0.9
},
"cve": "CVE-2016-8362",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-8362",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "CNVD-2016-10731",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-97182",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-8362",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-8362",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2016-10731",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201611-108",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-97182",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2016-8362",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10731"
},
{
"db": "VULHUB",
"id": "VHN-97182"
},
{
"db": "VULMON",
"id": "CVE-2016-8362"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007996"
},
{
"db": "NVD",
"id": "CVE-2016-8362"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-108"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2 Series, WAC-2004 Series, AWK-3121-M12-RTG Series, AWK-3131-M12-RCC Series, AWK-5232-M12-RCC Series, TAP-6226 Series, AWK-3121/4121 Series, AWK-3131/4131 Series, and AWK-5222/6222 Series. Any user is able to download log files by accessing a specific URL. MOXAOnCell is an industrial grade IP gateway product. The MoxaOnCellSeries product verification bypass vulnerability allows an attacker to bypass the authentication mechanism and gain unauthorized access. Moxa OnCell Series products are prone to an authentication-bypass vulnerability and an OS command execution vulnerability. Moxa OnCellG3470A-LTE etc",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8362"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007996"
},
{
"db": "CNVD",
"id": "CNVD-2016-10731"
},
{
"db": "BID",
"id": "94092"
},
{
"db": "VULHUB",
"id": "VHN-97182"
},
{
"db": "VULMON",
"id": "CVE-2016-8362"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-8362",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-16-308-01",
"trust": 2.9
},
{
"db": "BID",
"id": "94092",
"trust": 2.7
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007996",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201611-108",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-10731",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-97182",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-8362",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10731"
},
{
"db": "VULHUB",
"id": "VHN-97182"
},
{
"db": "VULMON",
"id": "CVE-2016-8362"
},
{
"db": "BID",
"id": "94092"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007996"
},
{
"db": "NVD",
"id": "CVE-2016-8362"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-108"
}
]
},
"id": "VAR-201702-0071",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10731"
},
{
"db": "VULHUB",
"id": "VHN-97182"
}
],
"trust": 1.62773228375
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10731"
}
]
},
"last_update_date": "2023-12-18T13:48:41.535000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.moxa.com/"
},
{
"title": "MoxaOnCellSeries product verification patch to bypass vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/83636"
},
{
"title": "Moxa OnCell Series product authentication bypass vulnerability fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=65334"
},
{
"title": "Moxa OnCell Series product authentication bypass vulnerability fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=65481"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10731"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007996"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-108"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97182"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007996"
},
{
"db": "NVD",
"id": "CVE-2016-8362"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-308-01"
},
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/94092"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8362"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8362"
},
{
"trust": 0.3,
"url": "http://www.moxa.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/287.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10731"
},
{
"db": "VULHUB",
"id": "VHN-97182"
},
{
"db": "VULMON",
"id": "CVE-2016-8362"
},
{
"db": "BID",
"id": "94092"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007996"
},
{
"db": "NVD",
"id": "CVE-2016-8362"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-108"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-10731"
},
{
"db": "VULHUB",
"id": "VHN-97182"
},
{
"db": "VULMON",
"id": "CVE-2016-8362"
},
{
"db": "BID",
"id": "94092"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007996"
},
{
"db": "NVD",
"id": "CVE-2016-8362"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-108"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-10731"
},
{
"date": "2017-02-13T00:00:00",
"db": "VULHUB",
"id": "VHN-97182"
},
{
"date": "2017-02-13T00:00:00",
"db": "VULMON",
"id": "CVE-2016-8362"
},
{
"date": "2016-11-03T00:00:00",
"db": "BID",
"id": "94092"
},
{
"date": "2017-04-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007996"
},
{
"date": "2017-02-13T21:59:01.050000",
"db": "NVD",
"id": "CVE-2016-8362"
},
{
"date": "2016-11-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-108"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-10731"
},
{
"date": "2017-03-16T00:00:00",
"db": "VULHUB",
"id": "VHN-97182"
},
{
"date": "2017-03-16T00:00:00",
"db": "VULMON",
"id": "CVE-2016-8362"
},
{
"date": "2016-11-24T01:07:00",
"db": "BID",
"id": "94092"
},
{
"date": "2017-04-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007996"
},
{
"date": "2017-03-16T15:12:26.133000",
"db": "NVD",
"id": "CVE-2016-8362"
},
{
"date": "2016-11-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-108"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-108"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Moxa OnCell Vulnerability in downloading log files in series products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007996"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-108"
}
],
"trust": 0.6
}
}
VAR-201704-0966
Vulnerability from variot - Updated: 2023-12-18 13:48An exploitable Cross-Site Request Forgery vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted form can trick a client into making an unintentional request to the web server which will be treated as an authentic request. MoxaAWK-3131AWirelessAccessPoint is a wireless switch from China's Moxa. A remote attacker could exploit this vulnerability to perform unauthorized operations
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0966",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "awk-3131a",
"scope": "eq",
"trust": 2.4,
"vendor": "moxa",
"version": "1.1"
},
{
"model": "awk-3131a wireless access point",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": "1.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07351"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008402"
},
{
"db": "NVD",
"id": "CVE-2016-8718"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-618"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:awk-3131a_firmware:1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:awk-3131a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8718"
}
]
},
"cve": "CVE-2016-8718",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-8718",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-07351",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-97538",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-8718",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-8718",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2016-8718",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-07351",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-618",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-97538",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07351"
},
{
"db": "VULHUB",
"id": "VHN-97538"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008402"
},
{
"db": "NVD",
"id": "CVE-2016-8718"
},
{
"db": "NVD",
"id": "CVE-2016-8718"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-618"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable Cross-Site Request Forgery vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted form can trick a client into making an unintentional request to the web server which will be treated as an authentic request. MoxaAWK-3131AWirelessAccessPoint is a wireless switch from China\u0027s Moxa. A remote attacker could exploit this vulnerability to perform unauthorized operations",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8718"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008402"
},
{
"db": "CNVD",
"id": "CNVD-2017-07351"
},
{
"db": "VULHUB",
"id": "VHN-97538"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-8718",
"trust": 3.1
},
{
"db": "TALOS",
"id": "TALOS-2016-0232",
"trust": 2.3
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008402",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201704-618",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-07351",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-96541",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-97538",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07351"
},
{
"db": "VULHUB",
"id": "VHN-97538"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008402"
},
{
"db": "NVD",
"id": "CVE-2016-8718"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-618"
}
]
},
"id": "VAR-201704-0966",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07351"
},
{
"db": "VULHUB",
"id": "VHN-97538"
}
],
"trust": 1.49117647
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07351"
}
]
},
"last_update_date": "2023-12-18T13:48:39.529000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AWK-3131A Series",
"trust": 0.8,
"url": "http://www.moxa.com/product/awk-3131a.htm"
},
{
"title": "TALOS-2016-0232",
"trust": 0.8,
"url": "https://www.talosintelligence.com/reports/talos-2016-0232/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008402"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97538"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008402"
},
{
"db": "NVD",
"id": "CVE-2016-8718"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.talosintelligence.com/reports/talos-2016-0232/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8718"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8718"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07351"
},
{
"db": "VULHUB",
"id": "VHN-97538"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008402"
},
{
"db": "NVD",
"id": "CVE-2016-8718"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-618"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-07351"
},
{
"db": "VULHUB",
"id": "VHN-97538"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008402"
},
{
"db": "NVD",
"id": "CVE-2016-8718"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-618"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-07351"
},
{
"date": "2017-04-12T00:00:00",
"db": "VULHUB",
"id": "VHN-97538"
},
{
"date": "2017-05-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008402"
},
{
"date": "2017-04-12T19:59:00.193000",
"db": "NVD",
"id": "CVE-2016-8718"
},
{
"date": "2017-04-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-618"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-07351"
},
{
"date": "2022-12-13T00:00:00",
"db": "VULHUB",
"id": "VHN-97538"
},
{
"date": "2017-05-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008402"
},
{
"date": "2022-12-13T18:25:01.677000",
"db": "NVD",
"id": "CVE-2016-8718"
},
{
"date": "2022-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-618"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-618"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa AWK-3131A Wireless Access Point Cross-Site Request Forgery Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07351"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-618"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-618"
}
],
"trust": 0.6
}
}
VAR-201704-0968
Vulnerability from variot - Updated: 2023-12-18 13:39An exploitable HTTP Header Injection vulnerability exists in the Web Application functionality of the Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted HTTP request can inject a payload in the bkpath parameter which will be copied in to Location header of the HTTP response. Moxa AWK-3131A Wireless AP Contains an injection vulnerability.Information may be tampered with. Moxa AWK-3131A Wireless Access Point is a wireless switch made by Moxa. Web Application is one of the network application modules
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0968",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "awk-3131a",
"scope": "eq",
"trust": 2.4,
"vendor": "moxa",
"version": "1.1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008404"
},
{
"db": "NVD",
"id": "CVE-2016-8720"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-733"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:awk-3131a_firmware:1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:awk-3131a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8720"
}
]
},
"cve": "CVE-2016-8720",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2016-8720",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-97540",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.6,
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2016-8720",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-8720",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2016-8720",
"trust": 1.0,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-733",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-97540",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97540"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008404"
},
{
"db": "NVD",
"id": "CVE-2016-8720"
},
{
"db": "NVD",
"id": "CVE-2016-8720"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-733"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable HTTP Header Injection vulnerability exists in the Web Application functionality of the Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted HTTP request can inject a payload in the bkpath parameter which will be copied in to Location header of the HTTP response. Moxa AWK-3131A Wireless AP Contains an injection vulnerability.Information may be tampered with. Moxa AWK-3131A Wireless Access Point is a wireless switch made by Moxa. Web Application is one of the network application modules",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8720"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008404"
},
{
"db": "VULHUB",
"id": "VHN-97540"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-8720",
"trust": 2.5
},
{
"db": "TALOS",
"id": "TALOS-2016-0234",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008404",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201704-733",
"trust": 0.7
},
{
"db": "SEEBUG",
"id": "SSVID-96538",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-97540",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97540"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008404"
},
{
"db": "NVD",
"id": "CVE-2016-8720"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-733"
}
]
},
"id": "VAR-201704-0968",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-97540"
}
],
"trust": 0.68235294
},
"last_update_date": "2023-12-18T13:39:02.717000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AWK-3131A Series",
"trust": 0.8,
"url": "http://www.moxa.com/product/awk-3131a.htm"
},
{
"title": "TALOS-2016-0234",
"trust": 0.8,
"url": "https://www.talosintelligence.com/reports/talos-2016-0234/"
},
{
"title": "Moxa AWK-3131A Wireless Access Point Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=70216"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008404"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-733"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-74",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97540"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008404"
},
{
"db": "NVD",
"id": "CVE-2016-8720"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.talosintelligence.com/reports/talos-2016-0234/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8720"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8720"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97540"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008404"
},
{
"db": "NVD",
"id": "CVE-2016-8720"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-733"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-97540"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008404"
},
{
"db": "NVD",
"id": "CVE-2016-8720"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-733"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-13T00:00:00",
"db": "VULHUB",
"id": "VHN-97540"
},
{
"date": "2017-05-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008404"
},
{
"date": "2017-04-13T19:59:00.237000",
"db": "NVD",
"id": "CVE-2016-8720"
},
{
"date": "2017-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-733"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-13T00:00:00",
"db": "VULHUB",
"id": "VHN-97540"
},
{
"date": "2017-05-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008404"
},
{
"date": "2022-12-13T17:43:27.177000",
"db": "NVD",
"id": "CVE-2016-8720"
},
{
"date": "2022-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-733"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-733"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa AWK-3131A Wireless AP Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008404"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-733"
}
],
"trust": 0.6
}
}
VAR-201704-0969
Vulnerability from variot - Updated: 2023-12-18 13:34An exploitable OS Command Injection vulnerability exists in the web application 'ping' functionality of Moxa AWK-3131A Wireless Access Points running firmware 1.1. Specially crafted web form input can cause an OS Command Injection resulting in complete compromise of the vulnerable device. An attacker can exploit this vulnerability remotely. MoxaAWK-3131AWirelessAccessPoint is a wireless switch from China's Moxa
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0969",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "awk-3131a",
"scope": "eq",
"trust": 2.4,
"vendor": "moxa",
"version": "1.1"
},
{
"model": "awk-3131a wireless access point",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": "1.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-11314"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008475"
},
{
"db": "NVD",
"id": "CVE-2016-8721"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1078"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:awk-3131a_firmware:1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:awk-3131a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8721"
}
]
},
"cve": "CVE-2016-8721",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2016-8721",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2017-11314",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-97541",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.1,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-8721",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-8721",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2016-8721",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2017-11314",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-1078",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-97541",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-11314"
},
{
"db": "VULHUB",
"id": "VHN-97541"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008475"
},
{
"db": "NVD",
"id": "CVE-2016-8721"
},
{
"db": "NVD",
"id": "CVE-2016-8721"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1078"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable OS Command Injection vulnerability exists in the web application \u0027ping\u0027 functionality of Moxa AWK-3131A Wireless Access Points running firmware 1.1. Specially crafted web form input can cause an OS Command Injection resulting in complete compromise of the vulnerable device. An attacker can exploit this vulnerability remotely. MoxaAWK-3131AWirelessAccessPoint is a wireless switch from China\u0027s Moxa",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8721"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008475"
},
{
"db": "CNVD",
"id": "CNVD-2017-11314"
},
{
"db": "VULHUB",
"id": "VHN-97541"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-8721",
"trust": 3.1
},
{
"db": "TALOS",
"id": "TALOS-2016-0235",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008475",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1078",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-11314",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-96530",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-97541",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-11314"
},
{
"db": "VULHUB",
"id": "VHN-97541"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008475"
},
{
"db": "NVD",
"id": "CVE-2016-8721"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1078"
}
]
},
"id": "VAR-201704-0969",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-11314"
},
{
"db": "VULHUB",
"id": "VHN-97541"
}
],
"trust": 1.49117647
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-11314"
}
]
},
"last_update_date": "2023-12-18T13:34:17.958000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AWK-3131A Series",
"trust": 0.8,
"url": "http://www.moxa.com/product/awk-3131a.htm"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008475"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97541"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008475"
},
{
"db": "NVD",
"id": "CVE-2016-8721"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://www.talosintelligence.com/reports/talos-2016-0235/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8721"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8721"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-11314"
},
{
"db": "VULHUB",
"id": "VHN-97541"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008475"
},
{
"db": "NVD",
"id": "CVE-2016-8721"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1078"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-11314"
},
{
"db": "VULHUB",
"id": "VHN-97541"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008475"
},
{
"db": "NVD",
"id": "CVE-2016-8721"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1078"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-11314"
},
{
"date": "2017-04-20T00:00:00",
"db": "VULHUB",
"id": "VHN-97541"
},
{
"date": "2017-05-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008475"
},
{
"date": "2017-04-20T18:59:01.577000",
"db": "NVD",
"id": "CVE-2016-8721"
},
{
"date": "2017-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-1078"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-11314"
},
{
"date": "2022-12-13T00:00:00",
"db": "VULHUB",
"id": "VHN-97541"
},
{
"date": "2017-05-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008475"
},
{
"date": "2022-12-13T17:41:06.233000",
"db": "NVD",
"id": "CVE-2016-8721"
},
{
"date": "2022-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-1078"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-1078"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa AWK-3131A Wireless Access Point Operating System Command Injection Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-11314"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1078"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-1078"
}
],
"trust": 0.6
}
}
VAR-201804-0372
Vulnerability from variot - Updated: 2023-12-18 13:33An exploitable OS Command Injection vulnerability exists in the Telnet, SSH, and console login functionality of Moxa AWK-3131A Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client in firmware versions 1.4 to 1.7 (current). An attacker can inject commands via the username parameter of several services (SSH, Telnet, console), resulting in remote, unauthenticated, root-level operating system command execution. Moxa AWK-3131A Is OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. MoxaAWK-3131A is a wireless access device from Moxa
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201804-0372",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "awk-3131a",
"scope": "eq",
"trust": 1.6,
"vendor": "moxa",
"version": "1.7"
},
{
"model": "awk-3131a",
"scope": "eq",
"trust": 1.6,
"vendor": "moxa",
"version": "1.5"
},
{
"model": "awk-3131a",
"scope": "eq",
"trust": 1.6,
"vendor": "moxa",
"version": "1.6"
},
{
"model": "awk-3131a",
"scope": "eq",
"trust": 1.6,
"vendor": "moxa",
"version": "1.4"
},
{
"model": "awk-3131a",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "1.4 to 1.7"
},
{
"model": "awk-3131a",
"scope": "gte",
"trust": 0.6,
"vendor": "moxa",
"version": "1.4\u003c=1.7"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-10105"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013280"
},
{
"db": "NVD",
"id": "CVE-2017-14459"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-609"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:awk-3131a_firmware:1.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:moxa:awk-3131a_firmware:1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:moxa:awk-3131a_firmware:1.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:moxa:awk-3131a_firmware:1.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:awk-3131a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-14459"
}
]
},
"cve": "CVE-2017-14459",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2017-14459",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-10105",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-105183",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-14459",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-14459",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2017-14459",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2018-10105",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201709-609",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-105183",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2017-14459",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-10105"
},
{
"db": "VULHUB",
"id": "VHN-105183"
},
{
"db": "VULMON",
"id": "CVE-2017-14459"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013280"
},
{
"db": "NVD",
"id": "CVE-2017-14459"
},
{
"db": "NVD",
"id": "CVE-2017-14459"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-609"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable OS Command Injection vulnerability exists in the Telnet, SSH, and console login functionality of Moxa AWK-3131A Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client in firmware versions 1.4 to 1.7 (current). An attacker can inject commands via the username parameter of several services (SSH, Telnet, console), resulting in remote, unauthenticated, root-level operating system command execution. Moxa AWK-3131A Is OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. MoxaAWK-3131A is a wireless access device from Moxa",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-14459"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013280"
},
{
"db": "CNVD",
"id": "CNVD-2018-10105"
},
{
"db": "VULHUB",
"id": "VHN-105183"
},
{
"db": "VULMON",
"id": "CVE-2017-14459"
}
],
"trust": 2.34
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-105183",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-105183"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-14459",
"trust": 3.2
},
{
"db": "TALOS",
"id": "TALOS-2017-0507",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013280",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201709-609",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-10105",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "44398",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-105183",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-14459",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-10105"
},
{
"db": "VULHUB",
"id": "VHN-105183"
},
{
"db": "VULMON",
"id": "CVE-2017-14459"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013280"
},
{
"db": "NVD",
"id": "CVE-2017-14459"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-609"
}
]
},
"id": "VAR-201804-0372",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-10105"
},
{
"db": "VULHUB",
"id": "VHN-105183"
}
],
"trust": 1.28235294
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-10105"
}
]
},
"last_update_date": "2023-12-18T13:33:53.098000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AWK-3131A \u30b7\u30ea\u30fc\u30ba",
"trust": 0.8,
"url": "https://japan.moxa.com/product/awk-3131a.htm"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013280"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-105183"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013280"
},
{
"db": "NVD",
"id": "CVE-2017-14459"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2017-0507"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14459"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14459"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-10105"
},
{
"db": "VULHUB",
"id": "VHN-105183"
},
{
"db": "VULMON",
"id": "CVE-2017-14459"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013280"
},
{
"db": "NVD",
"id": "CVE-2017-14459"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-609"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-10105"
},
{
"db": "VULHUB",
"id": "VHN-105183"
},
{
"db": "VULMON",
"id": "CVE-2017-14459"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013280"
},
{
"db": "NVD",
"id": "CVE-2017-14459"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-609"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-10105"
},
{
"date": "2018-04-11T00:00:00",
"db": "VULHUB",
"id": "VHN-105183"
},
{
"date": "2018-04-11T00:00:00",
"db": "VULMON",
"id": "CVE-2017-14459"
},
{
"date": "2018-06-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013280"
},
{
"date": "2018-04-11T16:29:00.213000",
"db": "NVD",
"id": "CVE-2017-14459"
},
{
"date": "2017-09-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-609"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-10105"
},
{
"date": "2018-05-22T00:00:00",
"db": "VULHUB",
"id": "VHN-105183"
},
{
"date": "2018-05-22T00:00:00",
"db": "VULMON",
"id": "CVE-2017-14459"
},
{
"date": "2018-06-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013280"
},
{
"date": "2022-04-19T19:15:17.327000",
"db": "NVD",
"id": "CVE-2017-14459"
},
{
"date": "2022-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-609"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-609"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa AWK-3131A Operating System Command Injection Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-10105"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-609"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-609"
}
],
"trust": 0.6
}
}
VAR-201704-0974
Vulnerability from variot - Updated: 2023-12-18 13:24An exploitable null pointer dereference vulnerability exists in the Web Application /forms/web_runScript iw_filename functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. An HTTP POST request with a blank line in the header will cause a segmentation fault in the web server. Moxa AWK-3131A Wireless Access Point is a wireless switch made by Moxa
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0974",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "awk-3131a",
"scope": "eq",
"trust": 2.4,
"vendor": "moxa",
"version": "1.1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008409"
},
{
"db": "NVD",
"id": "CVE-2016-8726"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-728"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:awk-3131a_firmware:1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:awk-3131a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8726"
}
]
},
"cve": "CVE-2016-8726",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.8,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2016-8726",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-97546",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2016-8726",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-8726",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2016-8726",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-728",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-97546",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97546"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008409"
},
{
"db": "NVD",
"id": "CVE-2016-8726"
},
{
"db": "NVD",
"id": "CVE-2016-8726"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-728"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable null pointer dereference vulnerability exists in the Web Application /forms/web_runScript iw_filename functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. An HTTP POST request with a blank line in the header will cause a segmentation fault in the web server. Moxa AWK-3131A Wireless Access Point is a wireless switch made by Moxa",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8726"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008409"
},
{
"db": "VULHUB",
"id": "VHN-97546"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-8726",
"trust": 2.5
},
{
"db": "TALOS",
"id": "TALOS-2016-0240",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008409",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201704-728",
"trust": 0.7
},
{
"db": "SEEBUG",
"id": "SSVID-96531",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-97546",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97546"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008409"
},
{
"db": "NVD",
"id": "CVE-2016-8726"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-728"
}
]
},
"id": "VAR-201704-0974",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-97546"
}
],
"trust": 0.68235294
},
"last_update_date": "2023-12-18T13:24:29.426000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AWK-3131A Series",
"trust": 0.8,
"url": "http://www.moxa.com/product/awk-3131a.htm"
},
{
"title": "TALOS-2016-0240",
"trust": 0.8,
"url": "https://www.talosintelligence.com/reports/talos-2016-0240/"
},
{
"title": "Moxa AWK-3131A Wireless Access Point Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=70212"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008409"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-728"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97546"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008409"
},
{
"db": "NVD",
"id": "CVE-2016-8726"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.talosintelligence.com/reports/talos-2016-0240/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8726"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8726"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97546"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008409"
},
{
"db": "NVD",
"id": "CVE-2016-8726"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-728"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-97546"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008409"
},
{
"db": "NVD",
"id": "CVE-2016-8726"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-728"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-13T00:00:00",
"db": "VULHUB",
"id": "VHN-97546"
},
{
"date": "2017-05-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008409"
},
{
"date": "2017-04-13T19:59:00.410000",
"db": "NVD",
"id": "CVE-2016-8726"
},
{
"date": "2017-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-728"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-13T00:00:00",
"db": "VULHUB",
"id": "VHN-97546"
},
{
"date": "2017-05-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008409"
},
{
"date": "2022-12-13T17:32:43.533000",
"db": "NVD",
"id": "CVE-2016-8726"
},
{
"date": "2022-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-728"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-728"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa AWK-3131A Wireless AP In NULL Pointer dereference vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008409"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-728"
}
],
"trust": 0.6
}
}
VAR-201704-0967
Vulnerability from variot - Updated: 2023-12-18 13:08An exploitable reflected Cross-Site Scripting vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Specially crafted input, in multiple parameters, can cause a malicious scripts to be executed by a victim. Moxa AWK-3131A Wireless AP Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. MoxaAWK-3131AWirelessAccessPoint is a wireless switch from China's Moxa. WebApplication is one of the web application modules
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0967",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "awk-3131a",
"scope": "eq",
"trust": 2.4,
"vendor": "moxa",
"version": "1.1"
},
{
"model": "awk-3131a wireless access point",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": "1.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07352"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008403"
},
{
"db": "NVD",
"id": "CVE-2016-8719"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-617"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:awk-3131a_firmware:1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:awk-3131a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8719"
}
]
},
"cve": "CVE-2016-8719",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2016-8719",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-07352",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-97539",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2016-8719",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-8719",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2016-8719",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-07352",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-617",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-97539",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07352"
},
{
"db": "VULHUB",
"id": "VHN-97539"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008403"
},
{
"db": "NVD",
"id": "CVE-2016-8719"
},
{
"db": "NVD",
"id": "CVE-2016-8719"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-617"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable reflected Cross-Site Scripting vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Specially crafted input, in multiple parameters, can cause a malicious scripts to be executed by a victim. Moxa AWK-3131A Wireless AP Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. MoxaAWK-3131AWirelessAccessPoint is a wireless switch from China\u0027s Moxa. WebApplication is one of the web application modules",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8719"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008403"
},
{
"db": "CNVD",
"id": "CNVD-2017-07352"
},
{
"db": "VULHUB",
"id": "VHN-97539"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-8719",
"trust": 3.1
},
{
"db": "TALOS",
"id": "TALOS-2016-0233",
"trust": 2.3
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008403",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201704-617",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-07352",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-96533",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-97539",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07352"
},
{
"db": "VULHUB",
"id": "VHN-97539"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008403"
},
{
"db": "NVD",
"id": "CVE-2016-8719"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-617"
}
]
},
"id": "VAR-201704-0967",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07352"
},
{
"db": "VULHUB",
"id": "VHN-97539"
}
],
"trust": 1.49117647
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07352"
}
]
},
"last_update_date": "2023-12-18T13:08:52.991000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AWK-3131A Series",
"trust": 0.8,
"url": "http://www.moxa.com/product/awk-3131a.htm"
},
{
"title": "TALOS-2016-0232",
"trust": 0.8,
"url": "https://www.talosintelligence.com/reports/talos-2016-0232/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008403"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97539"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008403"
},
{
"db": "NVD",
"id": "CVE-2016-8719"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.talosintelligence.com/reports/talos-2016-0233/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8719"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8719"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07352"
},
{
"db": "VULHUB",
"id": "VHN-97539"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008403"
},
{
"db": "NVD",
"id": "CVE-2016-8719"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-617"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-07352"
},
{
"db": "VULHUB",
"id": "VHN-97539"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008403"
},
{
"db": "NVD",
"id": "CVE-2016-8719"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-617"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-07352"
},
{
"date": "2017-04-12T00:00:00",
"db": "VULHUB",
"id": "VHN-97539"
},
{
"date": "2017-05-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008403"
},
{
"date": "2017-04-12T19:59:00.227000",
"db": "NVD",
"id": "CVE-2016-8719"
},
{
"date": "2017-04-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-617"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-07352"
},
{
"date": "2022-12-13T00:00:00",
"db": "VULHUB",
"id": "VHN-97539"
},
{
"date": "2017-05-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008403"
},
{
"date": "2022-12-13T18:24:33.060000",
"db": "NVD",
"id": "CVE-2016-8719"
},
{
"date": "2022-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-617"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-617"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa AWK-3131A Wireless Access Point Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07352"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-617"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-617"
}
],
"trust": 0.6
}
}
VAR-201704-0970
Vulnerability from variot - Updated: 2023-12-18 13:03An exploitable Information Disclosure vulnerability exists in the Web Application functionality of Moxa AWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client. Retrieving a specific URL without authentication can reveal sensitive information to an attacker. Moxa AWK-3131AP Contains an information disclosure vulnerability.Information may be obtained. MoxaAWK-3131A is a wireless access device from Moxa. An information disclosure vulnerability exists in the WebApplication feature of MoxaAWK-3131A in version 1.1 firmware
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0970",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "awk-3131a",
"scope": "eq",
"trust": 3.0,
"vendor": "moxa",
"version": "1.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33746"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008405"
},
{
"db": "NVD",
"id": "CVE-2016-8722"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-732"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:awk-3131a_firmware:1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:awk-3131a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8722"
}
]
},
"cve": "CVE-2016-8722",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-8722",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-33746",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-97542",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2016-8722",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-8722",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2016-8722",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2017-33746",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-732",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-97542",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33746"
},
{
"db": "VULHUB",
"id": "VHN-97542"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008405"
},
{
"db": "NVD",
"id": "CVE-2016-8722"
},
{
"db": "NVD",
"id": "CVE-2016-8722"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-732"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable Information Disclosure vulnerability exists in the Web Application functionality of Moxa AWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client. Retrieving a specific URL without authentication can reveal sensitive information to an attacker. Moxa AWK-3131AP Contains an information disclosure vulnerability.Information may be obtained. MoxaAWK-3131A is a wireless access device from Moxa. An information disclosure vulnerability exists in the WebApplication feature of MoxaAWK-3131A in version 1.1 firmware",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8722"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008405"
},
{
"db": "CNVD",
"id": "CNVD-2017-33746"
},
{
"db": "VULHUB",
"id": "VHN-97542"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-8722",
"trust": 3.1
},
{
"db": "TALOS",
"id": "TALOS-2016-0236",
"trust": 2.3
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008405",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201704-732",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-33746",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-96536",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-97542",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33746"
},
{
"db": "VULHUB",
"id": "VHN-97542"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008405"
},
{
"db": "NVD",
"id": "CVE-2016-8722"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-732"
}
]
},
"id": "VAR-201704-0970",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33746"
},
{
"db": "VULHUB",
"id": "VHN-97542"
}
],
"trust": 1.28235294
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33746"
}
]
},
"last_update_date": "2023-12-18T13:03:08.189000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AWK-3131A Series",
"trust": 0.8,
"url": "http://www.moxa.com/product/awk-3131a.htm"
},
{
"title": "TALOS-2016-0236",
"trust": 0.8,
"url": "https://www.talosintelligence.com/reports/talos-2016-0236/"
},
{
"title": "MoxaAWK-3131ASeriesIndustrialIEEE Information Disclosure Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/105993"
},
{
"title": "Moxa AWK-3131A Series Industrial IEEE Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=190025"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33746"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008405"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-732"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97542"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008405"
},
{
"db": "NVD",
"id": "CVE-2016-8722"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.talosintelligence.com/reports/talos-2016-0236/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8722"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8722"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33746"
},
{
"db": "VULHUB",
"id": "VHN-97542"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008405"
},
{
"db": "NVD",
"id": "CVE-2016-8722"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-732"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-33746"
},
{
"db": "VULHUB",
"id": "VHN-97542"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008405"
},
{
"db": "NVD",
"id": "CVE-2016-8722"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-732"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-33746"
},
{
"date": "2017-04-13T00:00:00",
"db": "VULHUB",
"id": "VHN-97542"
},
{
"date": "2017-05-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008405"
},
{
"date": "2017-04-13T19:59:00.270000",
"db": "NVD",
"id": "CVE-2016-8722"
},
{
"date": "2017-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-732"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-33746"
},
{
"date": "2022-12-14T00:00:00",
"db": "VULHUB",
"id": "VHN-97542"
},
{
"date": "2017-05-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008405"
},
{
"date": "2022-12-14T13:43:27.967000",
"db": "NVD",
"id": "CVE-2016-8722"
},
{
"date": "2022-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-732"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-732"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa AWK-3131A Series Industrial IEEE Information Disclosure Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33746"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-732"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-732"
}
],
"trust": 0.6
}
}
VAR-201704-0972
Vulnerability from variot - Updated: 2023-12-18 12:51An exploitable information disclosure vulnerability exists in the serviceAgent functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted TCP query will allow an attacker to retrieve potentially sensitive information. Moxa AWK-3131A Wireless AP Contains an information disclosure vulnerability.Information may be obtained. MoxaAWK-3131AWirelessAccessPoint is a wireless switch from China's Moxa. The functionality exposed by serviceAgent is accessible by using a freely-available Windows application (Moxa Windows Search Utility) or with custom scripts. In addition, the service does..
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0972",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "awk-3131a",
"scope": "eq",
"trust": 2.4,
"vendor": "moxa",
"version": "1.1"
},
{
"model": "awk-3131a wireless access point",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": "1.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07355"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008407"
},
{
"db": "NVD",
"id": "CVE-2016-8724"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-730"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:awk-3131a_firmware:1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:awk-3131a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8724"
}
]
},
"cve": "CVE-2016-8724",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-8724",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-07355",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-97544",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2016-8724",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-8724",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2016-8724",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2017-07355",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-730",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-97544",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07355"
},
{
"db": "VULHUB",
"id": "VHN-97544"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008407"
},
{
"db": "NVD",
"id": "CVE-2016-8724"
},
{
"db": "NVD",
"id": "CVE-2016-8724"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-730"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable information disclosure vulnerability exists in the serviceAgent functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted TCP query will allow an attacker to retrieve potentially sensitive information. Moxa AWK-3131A Wireless AP Contains an information disclosure vulnerability.Information may be obtained. MoxaAWK-3131AWirelessAccessPoint is a wireless switch from China\u0027s Moxa. The functionality exposed by serviceAgent is accessible by using a freely-available Windows application (Moxa Windows Search Utility) or with custom scripts. In addition, the service does..",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8724"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008407"
},
{
"db": "CNVD",
"id": "CNVD-2017-07355"
},
{
"db": "VULHUB",
"id": "VHN-97544"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-8724",
"trust": 3.1
},
{
"db": "TALOS",
"id": "TALOS-2016-0238",
"trust": 2.3
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008407",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-07355",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201704-730",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-96534",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-97544",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07355"
},
{
"db": "VULHUB",
"id": "VHN-97544"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008407"
},
{
"db": "NVD",
"id": "CVE-2016-8724"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-730"
}
]
},
"id": "VAR-201704-0972",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07355"
},
{
"db": "VULHUB",
"id": "VHN-97544"
}
],
"trust": 1.49117647
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07355"
}
]
},
"last_update_date": "2023-12-18T12:51:20.088000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AWK-3131A Series",
"trust": 0.8,
"url": "http://www.moxa.com/product/awk-3131a.htm"
},
{
"title": "TALOS-2016-0238",
"trust": 0.8,
"url": "https://www.talosintelligence.com/reports/talos-2016-0238/"
},
{
"title": "MoxaAWK-3131AWirelessAccessPoint Information Disclosure Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/94157"
},
{
"title": "Moxa AWK-3131A Wireless Access Point Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=70214"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07355"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008407"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-730"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97544"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008407"
},
{
"db": "NVD",
"id": "CVE-2016-8724"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.talosintelligence.com/reports/talos-2016-0238/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8724"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8724"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07355"
},
{
"db": "VULHUB",
"id": "VHN-97544"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008407"
},
{
"db": "NVD",
"id": "CVE-2016-8724"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-730"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-07355"
},
{
"db": "VULHUB",
"id": "VHN-97544"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008407"
},
{
"db": "NVD",
"id": "CVE-2016-8724"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-730"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-07355"
},
{
"date": "2017-04-13T00:00:00",
"db": "VULHUB",
"id": "VHN-97544"
},
{
"date": "2017-05-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008407"
},
{
"date": "2017-04-13T19:59:00.347000",
"db": "NVD",
"id": "CVE-2016-8724"
},
{
"date": "2017-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-730"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-07355"
},
{
"date": "2022-12-13T00:00:00",
"db": "VULHUB",
"id": "VHN-97544"
},
{
"date": "2017-05-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008407"
},
{
"date": "2022-12-13T17:26:40.717000",
"db": "NVD",
"id": "CVE-2016-8724"
},
{
"date": "2022-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-730"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-730"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa AWK-3131A Wireless Access Point Information Disclosure Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07355"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-730"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-730"
}
],
"trust": 0.6
}
}
VAR-201704-0975
Vulnerability from variot - Updated: 2023-12-18 12:44An exploitable information disclosure vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point. Retrieving a series of URLs without authentication can reveal sensitive configuration and system information to an attacker. Moxa AWK-3131A Wireless AP Contains an information disclosure vulnerability.Information may be obtained. Moxa AWK-3131A Wireless Access Point is a wireless switch made by Moxa. Web Application is one of the network application modules
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0975",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "awk-3131a",
"scope": "eq",
"trust": 1.6,
"vendor": "moxa",
"version": "1.1"
},
{
"model": "awk-1131a",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "1.1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008410"
},
{
"db": "NVD",
"id": "CVE-2016-8727"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-727"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:awk-3131a_firmware:1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:awk-3131a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8727"
}
]
},
"cve": "CVE-2016-8727",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-8727",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-97547",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-8727",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-8727",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-727",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-97547",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97547"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008410"
},
{
"db": "NVD",
"id": "CVE-2016-8727"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-727"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable information disclosure vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point. Retrieving a series of URLs without authentication can reveal sensitive configuration and system information to an attacker. Moxa AWK-3131A Wireless AP Contains an information disclosure vulnerability.Information may be obtained. Moxa AWK-3131A Wireless Access Point is a wireless switch made by Moxa. Web Application is one of the network application modules",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8727"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008410"
},
{
"db": "VULHUB",
"id": "VHN-97547"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-8727",
"trust": 2.5
},
{
"db": "TALOS",
"id": "TALOS-2016-0241",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008410",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201704-727",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-97547",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97547"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008410"
},
{
"db": "NVD",
"id": "CVE-2016-8727"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-727"
}
]
},
"id": "VAR-201704-0975",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-97547"
}
],
"trust": 0.70935827
},
"last_update_date": "2023-12-18T12:44:39.415000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AWK-3131A Series",
"trust": 0.8,
"url": "http://www.moxa.com/product/awk-3131a.htm"
},
{
"title": "TALOS-2016-0241",
"trust": 0.8,
"url": "https://www.talosintelligence.com/reports/talos-2016-0241/"
},
{
"title": "Moxa AWK-3131A Wireless Access Point Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=70211"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008410"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-727"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97547"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008410"
},
{
"db": "NVD",
"id": "CVE-2016-8727"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.talosintelligence.com/reports/talos-2016-0241/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8727"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8727"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97547"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008410"
},
{
"db": "NVD",
"id": "CVE-2016-8727"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-727"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-97547"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008410"
},
{
"db": "NVD",
"id": "CVE-2016-8727"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-727"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-13T00:00:00",
"db": "VULHUB",
"id": "VHN-97547"
},
{
"date": "2017-05-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008410"
},
{
"date": "2017-04-13T19:59:00.440000",
"db": "NVD",
"id": "CVE-2016-8727"
},
{
"date": "2017-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-727"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-20T00:00:00",
"db": "VULHUB",
"id": "VHN-97547"
},
{
"date": "2017-05-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008410"
},
{
"date": "2017-04-20T12:44:05.093000",
"db": "NVD",
"id": "CVE-2016-8727"
},
{
"date": "2017-05-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-727"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-727"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa AWK-3131A Wireless AP Vulnerable to information disclosure",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008410"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-727"
}
],
"trust": 0.6
}
}
VAR-201704-0971
Vulnerability from variot - Updated: 2023-12-18 12:37An exploitable null pointer dereference exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Any HTTP GET request not preceded by an '/' will cause a segmentation fault in the web server. An attacker can send any of a multitude of potentially unexpected HTTP get requests to trigger this vulnerability. MoxaAWK-3131AWirelessAccessPoint is a wireless switch from China's Moxa. WebApplication is one of the web application modules. An HTTP denial of service vulnerability exists in the WebApplication feature of MoxaAWK-3131AWirelessAccessPoint using version 1.1 firmware. There is no..
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0971",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "awk-3131a",
"scope": "eq",
"trust": 2.4,
"vendor": "moxa",
"version": "1.1"
},
{
"model": "awk-3131a wireless access point",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": "1.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07353"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008406"
},
{
"db": "NVD",
"id": "CVE-2016-8723"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-731"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:awk-3131a_firmware:1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:awk-3131a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8723"
}
]
},
"cve": "CVE-2016-8723",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.8,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2016-8723",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-07353",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-97543",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2016-8723",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-8723",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2016-8723",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-07353",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-731",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-97543",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07353"
},
{
"db": "VULHUB",
"id": "VHN-97543"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008406"
},
{
"db": "NVD",
"id": "CVE-2016-8723"
},
{
"db": "NVD",
"id": "CVE-2016-8723"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-731"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable null pointer dereference exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Any HTTP GET request not preceded by an \u0027/\u0027 will cause a segmentation fault in the web server. An attacker can send any of a multitude of potentially unexpected HTTP get requests to trigger this vulnerability. MoxaAWK-3131AWirelessAccessPoint is a wireless switch from China\u0027s Moxa. WebApplication is one of the web application modules. An HTTP denial of service vulnerability exists in the WebApplication feature of MoxaAWK-3131AWirelessAccessPoint using version 1.1 firmware. There is no..",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8723"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008406"
},
{
"db": "CNVD",
"id": "CNVD-2017-07353"
},
{
"db": "VULHUB",
"id": "VHN-97543"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-8723",
"trust": 3.1
},
{
"db": "TALOS",
"id": "TALOS-2016-0237",
"trust": 2.3
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008406",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-07353",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201704-731",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-96539",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-97543",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07353"
},
{
"db": "VULHUB",
"id": "VHN-97543"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008406"
},
{
"db": "NVD",
"id": "CVE-2016-8723"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-731"
}
]
},
"id": "VAR-201704-0971",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07353"
},
{
"db": "VULHUB",
"id": "VHN-97543"
}
],
"trust": 1.49117647
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07353"
}
]
},
"last_update_date": "2023-12-18T12:37:29.041000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AWK-3131A Series",
"trust": 0.8,
"url": "http://www.moxa.com/product/awk-3131a.htm"
},
{
"title": "TALOS-2016-0237",
"trust": 0.8,
"url": "https://www.talosintelligence.com/reports/talos-2016-0237/"
},
{
"title": "MoxaAWK-3131AWirelessAccessPoint HTTP Denial of Service Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/94156"
},
{
"title": "Moxa AWK-3131A Wireless Access Point Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=70215"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07353"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008406"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-731"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97543"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008406"
},
{
"db": "NVD",
"id": "CVE-2016-8723"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.talosintelligence.com/reports/talos-2016-0237/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8723"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8723"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07353"
},
{
"db": "VULHUB",
"id": "VHN-97543"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008406"
},
{
"db": "NVD",
"id": "CVE-2016-8723"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-731"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-07353"
},
{
"db": "VULHUB",
"id": "VHN-97543"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008406"
},
{
"db": "NVD",
"id": "CVE-2016-8723"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-731"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-07353"
},
{
"date": "2017-04-13T00:00:00",
"db": "VULHUB",
"id": "VHN-97543"
},
{
"date": "2017-05-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008406"
},
{
"date": "2017-04-13T19:59:00.317000",
"db": "NVD",
"id": "CVE-2016-8723"
},
{
"date": "2017-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-731"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-07353"
},
{
"date": "2022-12-13T00:00:00",
"db": "VULHUB",
"id": "VHN-97543"
},
{
"date": "2017-05-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008406"
},
{
"date": "2022-12-13T17:24:02.257000",
"db": "NVD",
"id": "CVE-2016-8723"
},
{
"date": "2022-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-731"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-731"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa AWK-3131A Wireless AP In NULL Pointer dereference vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008406"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-731"
}
],
"trust": 0.6
}
}
VAR-202002-0355
Vulnerability from variot - Updated: 2023-12-18 12:17An exploitable privilege escalation vulnerability exists in the iw_console functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted menu selection string can cause an escape from the restricted console, resulting in system access as the root user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. Moxa AWK-3131A There is a permission management vulnerability in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Moxa AWK-3131A is a wireless access device from Moxa
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202002-0355",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "awk-3131a",
"scope": "eq",
"trust": 2.4,
"vendor": "moxa",
"version": "1.13"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13471"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014649"
},
{
"db": "NVD",
"id": "CVE-2019-5136"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:awk-3131a_firmware:1.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:awk-3131a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5136"
}
]
},
"cve": "CVE-2019-5136",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2019-014649",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-13471",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-014649",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-5136",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2019-5136",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2019-014649",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-13471",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202002-1140",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13471"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014649"
},
{
"db": "NVD",
"id": "CVE-2019-5136"
},
{
"db": "NVD",
"id": "CVE-2019-5136"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1140"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable privilege escalation vulnerability exists in the iw_console functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted menu selection string can cause an escape from the restricted console, resulting in system access as the root user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. Moxa AWK-3131A There is a permission management vulnerability in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Moxa AWK-3131A is a wireless access device from Moxa",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5136"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014649"
},
{
"db": "CNVD",
"id": "CNVD-2020-13471"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-5136",
"trust": 3.0
},
{
"db": "TALOS",
"id": "TALOS-2019-0925",
"trust": 3.0
},
{
"db": "ICS CERT",
"id": "ICSA-20-063-04",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014649",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-13471",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0781",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1140",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13471"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014649"
},
{
"db": "NVD",
"id": "CVE-2019-5136"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1140"
}
]
},
"id": "VAR-202002-0355",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13471"
}
],
"trust": 1.18235294
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13471"
}
]
},
"last_update_date": "2023-12-18T12:17:21.433000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AWK-3131A Series",
"trust": 0.8,
"url": "https://www.moxa.com/en/products/industrial-network-infrastructure/wireless-ap-bridge-client/wlan-ap-bridge-client/awk-3131a-series"
},
{
"title": "Patch for Moxa AWK-3131A Access Control Error Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/204763"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13471"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014649"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-269",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014649"
},
{
"db": "NVD",
"id": "CVE-2019-5136"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0925"
},
{
"trust": 1.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-063-04"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5136"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5136"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0781/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13471"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014649"
},
{
"db": "NVD",
"id": "CVE-2019-5136"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1140"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-13471"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014649"
},
{
"db": "NVD",
"id": "CVE-2019-5136"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1140"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-13471"
},
{
"date": "2020-03-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014649"
},
{
"date": "2020-02-25T16:15:10.343000",
"db": "NVD",
"id": "CVE-2019-5136"
},
{
"date": "2020-02-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-1140"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-13471"
},
{
"date": "2020-03-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014649"
},
{
"date": "2022-06-13T20:15:22.200000",
"db": "NVD",
"id": "CVE-2019-5136"
},
{
"date": "2022-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-1140"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1140"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa AWK-3131A Access Control Error Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13471"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1140"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1140"
}
],
"trust": 0.6
}
}
VAR-202002-0356
Vulnerability from variot - Updated: 2023-12-18 12:17The usage of hard-coded cryptographic keys within the ServiceAgent binary allows for the decryption of captured traffic across the network from or to the Moxa AWK-3131A firmware version 1.13. Moxa AWK-3131A There is a vulnerability in the firmware regarding the use of hard-coded credentials.Information may be obtained. Moxa AWK-3131A is a wireless access device from Moxa. An attacker could use this vulnerability to decrypt captured traffic
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202002-0356",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "awk-3131a",
"scope": "eq",
"trust": 2.4,
"vendor": "moxa",
"version": "1.13"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13492"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014650"
},
{
"db": "NVD",
"id": "CVE-2019-5137"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:awk-3131a_firmware:1.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:awk-3131a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5137"
}
]
},
"cve": "CVE-2019-5137",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-014650",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-13492",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-014650",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-5137",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2019-5137",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2019-014650",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-13492",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202002-1116",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13492"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014650"
},
{
"db": "NVD",
"id": "CVE-2019-5137"
},
{
"db": "NVD",
"id": "CVE-2019-5137"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1116"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The usage of hard-coded cryptographic keys within the ServiceAgent binary allows for the decryption of captured traffic across the network from or to the Moxa AWK-3131A firmware version 1.13. Moxa AWK-3131A There is a vulnerability in the firmware regarding the use of hard-coded credentials.Information may be obtained. Moxa AWK-3131A is a wireless access device from Moxa. An attacker could use this vulnerability to decrypt captured traffic",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5137"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014650"
},
{
"db": "CNVD",
"id": "CNVD-2020-13492"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-5137",
"trust": 3.0
},
{
"db": "TALOS",
"id": "TALOS-2019-0926",
"trust": 3.0
},
{
"db": "ICS CERT",
"id": "ICSA-20-063-04",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014650",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-13492",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "46065",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0781",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1116",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13492"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014650"
},
{
"db": "NVD",
"id": "CVE-2019-5137"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1116"
}
]
},
"id": "VAR-202002-0356",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13492"
}
],
"trust": 1.18235294
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13492"
}
]
},
"last_update_date": "2023-12-18T12:17:21.571000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AWK-3131A Series",
"trust": 0.8,
"url": "https://www.moxa.com/en/products/industrial-network-infrastructure/wireless-ap-bridge-client/wlan-ap-bridge-client/awk-3131a-series"
},
{
"title": "Patch for Moxa AWK-3131A ServiceAgent Trust Management Issue Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/204811"
},
{
"title": "Moxa AWK-3131A ServiceAgent Repair measures for trust management problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=110290"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13492"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014650"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1116"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014650"
},
{
"db": "NVD",
"id": "CVE-2019-5137"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0926"
},
{
"trust": 1.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-063-04"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5137"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5137"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0781/"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/46065"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13492"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014650"
},
{
"db": "NVD",
"id": "CVE-2019-5137"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1116"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-13492"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014650"
},
{
"db": "NVD",
"id": "CVE-2019-5137"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1116"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-13492"
},
{
"date": "2020-03-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014650"
},
{
"date": "2020-02-25T16:15:10.420000",
"db": "NVD",
"id": "CVE-2019-5137"
},
{
"date": "2020-02-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-1116"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-13492"
},
{
"date": "2020-03-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014650"
},
{
"date": "2022-06-13T20:15:09.627000",
"db": "NVD",
"id": "CVE-2019-5137"
},
{
"date": "2022-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-1116"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1116"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa AWK-3131A Vulnerability in using hard-coded credentials in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014650"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1116"
}
],
"trust": 0.6
}
}
VAR-202002-0366
Vulnerability from variot - Updated: 2023-12-18 12:17An exploitable authentication bypass vulnerability exists in the hostname processing of the Moxa AWK-3131A firmware version 1.13. A specially configured device hostname can cause the device to interpret select remote traffic as local traffic, resulting in a bypass of web authentication. An attacker can send authenticated SNMP requests to trigger this vulnerability. Moxa AWK-3131A There is an authentication vulnerability in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Moxa AWK-3131A is a wireless access device from Moxa.
There is a security hole in the handling of host names in Moxa AWK-3131A using firmware 1.13
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202002-0366",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "awk-3131a",
"scope": "eq",
"trust": 2.4,
"vendor": "moxa",
"version": "1.13"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13491"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014690"
},
{
"db": "NVD",
"id": "CVE-2019-5165"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:awk-3131a_firmware:1.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:awk-3131a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5165"
}
]
},
"cve": "CVE-2019-5165",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-014690",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "CNVD-2020-13491",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.3,
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-014690",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-5165",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2019-5165",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2019-014690",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-13491",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202002-1120",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13491"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014690"
},
{
"db": "NVD",
"id": "CVE-2019-5165"
},
{
"db": "NVD",
"id": "CVE-2019-5165"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1120"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable authentication bypass vulnerability exists in the hostname processing of the Moxa AWK-3131A firmware version 1.13. A specially configured device hostname can cause the device to interpret select remote traffic as local traffic, resulting in a bypass of web authentication. An attacker can send authenticated SNMP requests to trigger this vulnerability. Moxa AWK-3131A There is an authentication vulnerability in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Moxa AWK-3131A is a wireless access device from Moxa. \n\r\n\r\nThere is a security hole in the handling of host names in Moxa AWK-3131A using firmware 1.13",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5165"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014690"
},
{
"db": "CNVD",
"id": "CNVD-2020-13491"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "TALOS",
"id": "TALOS-2019-0960",
"trust": 3.0
},
{
"db": "NVD",
"id": "CVE-2019-5165",
"trust": 3.0
},
{
"db": "ICS CERT",
"id": "ICSA-20-063-04",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014690",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-13491",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0781",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1120",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13491"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014690"
},
{
"db": "NVD",
"id": "CVE-2019-5165"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1120"
}
]
},
"id": "VAR-202002-0366",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13491"
}
],
"trust": 1.18235294
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13491"
}
]
},
"last_update_date": "2023-12-18T12:17:21.650000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AWK-3131A Series",
"trust": 0.8,
"url": "https://www.moxa.com/en/products/industrial-network-infrastructure/wireless-ap-bridge-client/wlan-ap-bridge-client/awk-3131a-series"
},
{
"title": "Patch for Moxa AWK-3131A Authentication Bypass Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/204809"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13491"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014690"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014690"
},
{
"db": "NVD",
"id": "CVE-2019-5165"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0960"
},
{
"trust": 1.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-063-04"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5165"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5165"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0781/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13491"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014690"
},
{
"db": "NVD",
"id": "CVE-2019-5165"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1120"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-13491"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014690"
},
{
"db": "NVD",
"id": "CVE-2019-5165"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1120"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-13491"
},
{
"date": "2020-03-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014690"
},
{
"date": "2020-02-25T16:15:11.077000",
"db": "NVD",
"id": "CVE-2019-5165"
},
{
"date": "2020-02-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-1120"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-13491"
},
{
"date": "2020-03-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014690"
},
{
"date": "2022-06-13T19:57:50.037000",
"db": "NVD",
"id": "CVE-2019-5165"
},
{
"date": "2022-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-1120"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1120"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa AWK-3131A Authentication vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014690"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1120"
}
],
"trust": 0.6
}
}
VAR-202002-0359
Vulnerability from variot - Updated: 2023-12-18 12:17An exploitable command injection vulnerability exists in the iwwebs functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file name can cause user input to be reflected in a subsequent iwsystem call, resulting in remote control over the device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. (DoS) It may be put into a state. Moxa AWK-3131A is a wireless access device from Moxa. The vulnerability stems from the fact that the network system or product did not properly filter the special elements in the process of constructing executable commands from external input data. An attacker could use this vulnerability to execute an illegal command
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202002-0359",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "awk-3131a",
"scope": "eq",
"trust": 2.4,
"vendor": "moxa",
"version": "1.13"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13477"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014646"
},
{
"db": "NVD",
"id": "CVE-2019-5140"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:awk-3131a_firmware:1.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:awk-3131a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5140"
}
]
},
"cve": "CVE-2019-5140",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-014646",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-13477",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-014646",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-5140",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2019-5140",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2019-014646",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-13477",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202002-1118",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13477"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014646"
},
{
"db": "NVD",
"id": "CVE-2019-5140"
},
{
"db": "NVD",
"id": "CVE-2019-5140"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1118"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable command injection vulnerability exists in the iwwebs functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file name can cause user input to be reflected in a subsequent iwsystem call, resulting in remote control over the device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. (DoS) It may be put into a state. Moxa AWK-3131A is a wireless access device from Moxa. The vulnerability stems from the fact that the network system or product did not properly filter the special elements in the process of constructing executable commands from external input data. An attacker could use this vulnerability to execute an illegal command",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5140"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014646"
},
{
"db": "CNVD",
"id": "CNVD-2020-13477"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "TALOS",
"id": "TALOS-2019-0929",
"trust": 3.0
},
{
"db": "NVD",
"id": "CVE-2019-5140",
"trust": 3.0
},
{
"db": "ICS CERT",
"id": "ICSA-20-063-04",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014646",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-13477",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0781",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1118",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13477"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014646"
},
{
"db": "NVD",
"id": "CVE-2019-5140"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1118"
}
]
},
"id": "VAR-202002-0359",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13477"
}
],
"trust": 1.18235294
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13477"
}
]
},
"last_update_date": "2023-12-18T12:17:21.676000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AWK-3131A Series",
"trust": 0.8,
"url": "https://www.moxa.com/en/products/industrial-network-infrastructure/wireless-ap-bridge-client/wlan-ap-bridge-client/awk-3131a-series"
},
{
"title": "Patch for Moxa AWK-3131A iw_webs Functional Operating System Command Injection Vulnerability (CNVD-2020-13477)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/204731"
},
{
"title": "Moxa AWK-3131A iw_webs Functional OS Command Injection Vulnerability Fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=110292"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13477"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014646"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1118"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014646"
},
{
"db": "NVD",
"id": "CVE-2019-5140"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0929"
},
{
"trust": 1.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-063-04"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5140"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5140"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0781/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13477"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014646"
},
{
"db": "NVD",
"id": "CVE-2019-5140"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1118"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-13477"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014646"
},
{
"db": "NVD",
"id": "CVE-2019-5140"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1118"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-13477"
},
{
"date": "2020-03-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014646"
},
{
"date": "2020-02-25T16:15:10.657000",
"db": "NVD",
"id": "CVE-2019-5140"
},
{
"date": "2020-02-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-1118"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-13477"
},
{
"date": "2020-03-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014646"
},
{
"date": "2022-06-13T20:14:53.040000",
"db": "NVD",
"id": "CVE-2019-5140"
},
{
"date": "2022-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-1118"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1118"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa AWK-3131A In firmware OS Command injection vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014646"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1118"
}
],
"trust": 0.6
}
}
VAR-202002-0365
Vulnerability from variot - Updated: 2023-12-18 12:17An exploitable improper access control vulnerability exists in the iw_webs account settings functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the device as that user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. Moxa AWK-3131A There is a permission management vulnerability in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Moxa AWK-3131A is a wireless access device from Moxa. The vulnerability stems from a network system or product that did not properly restrict access to resources from unauthorized roles. No detailed vulnerability details are provided at this time
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202002-0365",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "awk-3131a",
"scope": "eq",
"trust": 2.4,
"vendor": "moxa",
"version": "1.13"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13493"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014689"
},
{
"db": "NVD",
"id": "CVE-2019-5162"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:awk-3131a_firmware:1.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:awk-3131a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5162"
}
]
},
"cve": "CVE-2019-5162",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2019-014689",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-13493",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.1,
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-014689",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-5162",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2019-5162",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "JVNDB-2019-014689",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-13493",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202002-1114",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13493"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014689"
},
{
"db": "NVD",
"id": "CVE-2019-5162"
},
{
"db": "NVD",
"id": "CVE-2019-5162"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1114"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable improper access control vulnerability exists in the iw_webs account settings functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the device as that user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. Moxa AWK-3131A There is a permission management vulnerability in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Moxa AWK-3131A is a wireless access device from Moxa. The vulnerability stems from a network system or product that did not properly restrict access to resources from unauthorized roles. No detailed vulnerability details are provided at this time",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5162"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014689"
},
{
"db": "CNVD",
"id": "CNVD-2020-13493"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "TALOS",
"id": "TALOS-2019-0955",
"trust": 3.0
},
{
"db": "NVD",
"id": "CVE-2019-5162",
"trust": 3.0
},
{
"db": "ICS CERT",
"id": "ICSA-20-063-04",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014689",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-13493",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0781",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1114",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13493"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014689"
},
{
"db": "NVD",
"id": "CVE-2019-5162"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1114"
}
]
},
"id": "VAR-202002-0365",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13493"
}
],
"trust": 1.18235294
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13493"
}
]
},
"last_update_date": "2023-12-18T12:17:21.597000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AWK-3131A Series",
"trust": 0.8,
"url": "https://www.moxa.com/en/products/industrial-network-infrastructure/wireless-ap-bridge-client/wlan-ap-bridge-client/awk-3131a-series"
},
{
"title": "Patch for Moxa AWK-3131A iw_webs Account Setting Function Access Control Error Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/204819"
},
{
"title": "Moxa AWK-3131A iw_webs Account Settings Function Access Control Error Vulnerability Fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=110780"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13493"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014689"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1114"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-269",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014689"
},
{
"db": "NVD",
"id": "CVE-2019-5162"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0955"
},
{
"trust": 1.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-063-04"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5162"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5162"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0781/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13493"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014689"
},
{
"db": "NVD",
"id": "CVE-2019-5162"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1114"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-13493"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014689"
},
{
"db": "NVD",
"id": "CVE-2019-5162"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1114"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-13493"
},
{
"date": "2020-03-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014689"
},
{
"date": "2020-02-25T16:15:11.030000",
"db": "NVD",
"id": "CVE-2019-5162"
},
{
"date": "2020-02-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-1114"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-13493"
},
{
"date": "2020-03-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014689"
},
{
"date": "2022-06-13T19:58:31.307000",
"db": "NVD",
"id": "CVE-2019-5162"
},
{
"date": "2022-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-1114"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1114"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa AWK-3131A Privilege management vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014689"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1114"
}
],
"trust": 0.6
}
}
VAR-202002-0363
Vulnerability from variot - Updated: 2023-12-18 12:17An exploitable denial-of-service vulnerability exists in ServiceAgent functionality of the Moxa AWK-3131A, firmware version 1.13. A specially crafted packet can cause an integer underflow, triggering a large memcpy that will access unmapped or out-of-bounds memory. An attacker can send this packet while unauthenticated to trigger this vulnerability. Moxa AWK-3131A There is an integer underflow vulnerability in the firmware.Service operation interruption (DoS) It may be put into a state. Moxa AWK-3131A is a wireless access device from Moxa.
Moxa AWK-3131A has a buffer overflow vulnerability. No detailed vulnerability details are provided at this time
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202002-0363",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "awk-3131a",
"scope": "eq",
"trust": 1.8,
"vendor": "moxa",
"version": "1.13"
},
{
"model": "awk-3131a",
"scope": null,
"trust": 0.6,
"vendor": "moxa",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13476"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014692"
},
{
"db": "NVD",
"id": "CVE-2019-5148"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:awk-3131a_firmware:1.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:awk-3131a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5148"
}
]
},
"cve": "CVE-2019-5148",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2019-014692",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-13476",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2019-014692",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-5148",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2019-5148",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2019-014692",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-13476",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202002-1128",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13476"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014692"
},
{
"db": "NVD",
"id": "CVE-2019-5148"
},
{
"db": "NVD",
"id": "CVE-2019-5148"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1128"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable denial-of-service vulnerability exists in ServiceAgent functionality of the Moxa AWK-3131A, firmware version 1.13. A specially crafted packet can cause an integer underflow, triggering a large memcpy that will access unmapped or out-of-bounds memory. An attacker can send this packet while unauthenticated to trigger this vulnerability. Moxa AWK-3131A There is an integer underflow vulnerability in the firmware.Service operation interruption (DoS) It may be put into a state. Moxa AWK-3131A is a wireless access device from Moxa. \n\r\n\r\nMoxa AWK-3131A has a buffer overflow vulnerability. No detailed vulnerability details are provided at this time",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5148"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014692"
},
{
"db": "CNVD",
"id": "CNVD-2020-13476"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "TALOS",
"id": "TALOS-2019-0938",
"trust": 3.0
},
{
"db": "NVD",
"id": "CVE-2019-5148",
"trust": 3.0
},
{
"db": "ICS CERT",
"id": "ICSA-20-063-04",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014692",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-13476",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0781",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1128",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13476"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014692"
},
{
"db": "NVD",
"id": "CVE-2019-5148"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1128"
}
]
},
"id": "VAR-202002-0363",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13476"
}
],
"trust": 1.18235294
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13476"
}
]
},
"last_update_date": "2023-12-18T12:17:21.493000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AWK-3131A Series",
"trust": 0.8,
"url": "https://www.moxa.com/en/products/industrial-network-infrastructure/wireless-ap-bridge-client/wlan-ap-bridge-client/awk-3131a-series"
},
{
"title": "Patch for Moxa AWK-3131A Buffer Overflow Vulnerability (CNVD-2020-13476)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/204737"
},
{
"title": "Moxa AWK-3131A Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=110299"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13476"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014692"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1128"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-191",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014692"
},
{
"db": "NVD",
"id": "CVE-2019-5148"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0938"
},
{
"trust": 1.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-063-04"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5148"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5148"
},
{
"trust": 0.8,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0938\\"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0781/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13476"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014692"
},
{
"db": "NVD",
"id": "CVE-2019-5148"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1128"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-13476"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014692"
},
{
"db": "NVD",
"id": "CVE-2019-5148"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1128"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-13476"
},
{
"date": "2020-03-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014692"
},
{
"date": "2020-02-25T16:15:10.890000",
"db": "NVD",
"id": "CVE-2019-5148"
},
{
"date": "2020-02-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-1128"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-13476"
},
{
"date": "2020-03-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014692"
},
{
"date": "2022-06-13T20:13:54.007000",
"db": "NVD",
"id": "CVE-2019-5148"
},
{
"date": "2022-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-1128"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1128"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa AWK-3131A Integer underflow vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014692"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "digital error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1128"
}
],
"trust": 0.6
}
}
VAR-202002-0362
Vulnerability from variot - Updated: 2023-12-18 12:17An exploitable format string vulnerability exists in the iw_console conio_writestr functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted time server entry can cause an overflow of the time server buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. (DoS) It may be put into a state. Moxa AWK-3131A is a wireless switch from Moxa
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202002-0362",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "awk-3131a",
"scope": "eq",
"trust": 2.4,
"vendor": "moxa",
"version": "1.13"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15515"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014691"
},
{
"db": "NVD",
"id": "CVE-2019-5143"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:awk-3131a_firmware:1.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:awk-3131a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5143"
}
]
},
"cve": "CVE-2019-5143",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-014691",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2020-15515",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-014691",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-5143",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2019-5143",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2019-014691",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-15515",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202002-1127",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15515"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014691"
},
{
"db": "NVD",
"id": "CVE-2019-5143"
},
{
"db": "NVD",
"id": "CVE-2019-5143"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1127"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable format string vulnerability exists in the iw_console conio_writestr functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted time server entry can cause an overflow of the time server buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. (DoS) It may be put into a state. Moxa AWK-3131A is a wireless switch from Moxa",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5143"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014691"
},
{
"db": "CNVD",
"id": "CNVD-2020-15515"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-5143",
"trust": 3.0
},
{
"db": "TALOS",
"id": "TALOS-2019-0932",
"trust": 3.0
},
{
"db": "ICS CERT",
"id": "ICSA-20-063-04",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014691",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-15515",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0781",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1127",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15515"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014691"
},
{
"db": "NVD",
"id": "CVE-2019-5143"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1127"
}
]
},
"id": "VAR-202002-0362",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15515"
}
],
"trust": 1.18235294
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15515"
}
]
},
"last_update_date": "2023-12-18T12:17:21.406000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AWK-3131A Series",
"trust": 0.8,
"url": "https://www.moxa.com/en/products/industrial-network-infrastructure/wireless-ap-bridge-client/wlan-ap-bridge-client/awk-3131a-series"
},
{
"title": "Patch for Moxa AWK-3131A code execution vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/206925"
},
{
"title": "Moxa AWK-3131A Fixes for formatting string error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=111214"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15515"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014691"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1127"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-134",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014691"
},
{
"db": "NVD",
"id": "CVE-2019-5143"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0932"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5143"
},
{
"trust": 1.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-063-04"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5143"
},
{
"trust": 0.8,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0932\\"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0781/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15515"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014691"
},
{
"db": "NVD",
"id": "CVE-2019-5143"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1127"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-15515"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014691"
},
{
"db": "NVD",
"id": "CVE-2019-5143"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1127"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-15515"
},
{
"date": "2020-03-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014691"
},
{
"date": "2020-02-25T16:15:10.827000",
"db": "NVD",
"id": "CVE-2019-5143"
},
{
"date": "2020-02-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-1127"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-15515"
},
{
"date": "2020-03-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014691"
},
{
"date": "2022-06-13T20:14:30.510000",
"db": "NVD",
"id": "CVE-2019-5143"
},
{
"date": "2022-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-1127"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1127"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa AWK-3131A Format string vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014691"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "format string error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1127"
}
],
"trust": 0.6
}
}
VAR-202002-0357
Vulnerability from variot - Updated: 2023-12-18 12:17An exploitable command injection vulnerability exists in encrypted diagnostic script functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file can cause arbitrary busybox commands to be executed, resulting in remote control over the device. An attacker can send diagnostic while authenticated as a low privilege user to trigger this vulnerability. (DoS) It may be put into a state. Moxa AWK-3131A is a wireless access device from Moxa
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202002-0357",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "awk-3131a",
"scope": "eq",
"trust": 2.4,
"vendor": "moxa",
"version": "1.13"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13473"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014651"
},
{
"db": "NVD",
"id": "CVE-2019-5138"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:awk-3131a_firmware:1.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:awk-3131a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5138"
}
]
},
"cve": "CVE-2019-5138",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2019-014651",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-13473",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.1,
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.1,
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.9,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-014651",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-5138",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2019-5138",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "JVNDB-2019-014651",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-13473",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202002-1134",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13473"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014651"
},
{
"db": "NVD",
"id": "CVE-2019-5138"
},
{
"db": "NVD",
"id": "CVE-2019-5138"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1134"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable command injection vulnerability exists in encrypted diagnostic script functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file can cause arbitrary busybox commands to be executed, resulting in remote control over the device. An attacker can send diagnostic while authenticated as a low privilege user to trigger this vulnerability. (DoS) It may be put into a state. Moxa AWK-3131A is a wireless access device from Moxa",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5138"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014651"
},
{
"db": "CNVD",
"id": "CNVD-2020-13473"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "TALOS",
"id": "TALOS-2019-0927",
"trust": 3.0
},
{
"db": "NVD",
"id": "CVE-2019-5138",
"trust": 3.0
},
{
"db": "ICS CERT",
"id": "ICSA-20-063-04",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014651",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-13473",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0781",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1134",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13473"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014651"
},
{
"db": "NVD",
"id": "CVE-2019-5138"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1134"
}
]
},
"id": "VAR-202002-0357",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13473"
}
],
"trust": 1.18235294
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13473"
}
]
},
"last_update_date": "2023-12-18T12:17:21.624000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AWK-3131A Series",
"trust": 0.8,
"url": "https://www.moxa.com/en/products/industrial-network-infrastructure/wireless-ap-bridge-client/wlan-ap-bridge-client/awk-3131a-series"
},
{
"title": "Patch for Moxa AWK-3131A Operating System Command Injection Vulnerability (CNVD-2020-13473)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/204749"
},
{
"title": "Moxa AWK-3131A Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=110303"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13473"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014651"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1134"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014651"
},
{
"db": "NVD",
"id": "CVE-2019-5138"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0927"
},
{
"trust": 1.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-063-04"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5138"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5138"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0781/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13473"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014651"
},
{
"db": "NVD",
"id": "CVE-2019-5138"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1134"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-13473"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014651"
},
{
"db": "NVD",
"id": "CVE-2019-5138"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1134"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-13473"
},
{
"date": "2020-03-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014651"
},
{
"date": "2020-02-25T16:15:10.500000",
"db": "NVD",
"id": "CVE-2019-5138"
},
{
"date": "2020-02-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-1134"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-13473"
},
{
"date": "2020-03-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014651"
},
{
"date": "2022-06-13T20:15:02.167000",
"db": "NVD",
"id": "CVE-2019-5138"
},
{
"date": "2022-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-1134"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1134"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa AWK-3131A In firmware OS Command injection vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014651"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1134"
}
],
"trust": 0.6
}
}
VAR-202002-0358
Vulnerability from variot - Updated: 2023-12-18 12:17An exploitable use of hard-coded credentials vulnerability exists in multiple iw_* utilities of the Moxa AWK-3131A firmware version 1.13. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts. Moxa AWK-3131A is a wireless switch from Moxa. The vulnerability stems from the lack of effective trust management mechanisms in network systems or products. Attackers can use the default password or hard-coded passwords, hard-coded certificates, etc. to attack the affected components
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202002-0358",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "awk-3131a",
"scope": "eq",
"trust": 2.4,
"vendor": "moxa",
"version": "1.13"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-14253"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014645"
},
{
"db": "NVD",
"id": "CVE-2019-5139"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:awk-3131a_firmware:1.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:awk-3131a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5139"
}
]
},
"cve": "CVE-2019-5139",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-014645",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.1,
"id": "CNVD-2020-14253",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "talos-cna@cisco.com",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.5,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-014645",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-5139",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2019-5139",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2019-014645",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-14253",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202002-1115",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-14253"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014645"
},
{
"db": "NVD",
"id": "CVE-2019-5139"
},
{
"db": "NVD",
"id": "CVE-2019-5139"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1115"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable use of hard-coded credentials vulnerability exists in multiple iw_* utilities of the Moxa AWK-3131A firmware version 1.13. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts. Moxa AWK-3131A is a wireless switch from Moxa. The vulnerability stems from the lack of effective trust management mechanisms in network systems or products. Attackers can use the default password or hard-coded passwords, hard-coded certificates, etc. to attack the affected components",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5139"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014645"
},
{
"db": "CNVD",
"id": "CNVD-2020-14253"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "TALOS",
"id": "TALOS-2019-0928",
"trust": 3.0
},
{
"db": "NVD",
"id": "CVE-2019-5139",
"trust": 3.0
},
{
"db": "ICS CERT",
"id": "ICSA-20-063-04",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014645",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-14253",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "46064",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0781",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1115",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-14253"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014645"
},
{
"db": "NVD",
"id": "CVE-2019-5139"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1115"
}
]
},
"id": "VAR-202002-0358",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-14253"
}
],
"trust": 1.18235294
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-14253"
}
]
},
"last_update_date": "2023-12-18T12:17:21.545000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AWK-3131A Series",
"trust": 0.8,
"url": "https://www.moxa.com/en/products/industrial-network-infrastructure/wireless-ap-bridge-client/wlan-ap-bridge-client/awk-3131a-series"
},
{
"title": "Patch for Moxa AWK-3131A Trust Management Issue Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/205251"
},
{
"title": "Moxa AWK-3131A Repair measures for trust management problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=110781"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-14253"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014645"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1115"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014645"
},
{
"db": "NVD",
"id": "CVE-2019-5139"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0928"
},
{
"trust": 1.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-063-04"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5139"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5139"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0781/"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/46064"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-14253"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014645"
},
{
"db": "NVD",
"id": "CVE-2019-5139"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1115"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-14253"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014645"
},
{
"db": "NVD",
"id": "CVE-2019-5139"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1115"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-14253"
},
{
"date": "2020-03-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014645"
},
{
"date": "2020-02-25T16:15:10.577000",
"db": "NVD",
"id": "CVE-2019-5139"
},
{
"date": "2020-02-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-1115"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-14253"
},
{
"date": "2020-03-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014645"
},
{
"date": "2022-06-13T20:14:58.993000",
"db": "NVD",
"id": "CVE-2019-5139"
},
{
"date": "2022-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-1115"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1115"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa AWK-3131A Trust Management Issue Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-14253"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1115"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1115"
}
],
"trust": 0.6
}
}
VAR-202002-0361
Vulnerability from variot - Updated: 2023-12-18 12:17An exploitable command injection vulnerability exists in the hostname functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted entry to network configuration information can cause execution of arbitrary system commands, resulting in full control of the device. An attacker can send various authenticated requests to trigger this vulnerability. (DoS) It may be put into a state. Moxa AWK-3131A is a wireless access device from Moxa
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202002-0361",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "awk-3131a",
"scope": "eq",
"trust": 2.4,
"vendor": "moxa",
"version": "1.13"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13481"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014648"
},
{
"db": "NVD",
"id": "CVE-2019-5142"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:awk-3131a_firmware:1.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:awk-3131a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5142"
}
]
},
"cve": "CVE-2019-5142",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2019-014648",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-13481",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-014648",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-5142",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2019-5142",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2019-014648",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-13481",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202002-1143",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13481"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014648"
},
{
"db": "NVD",
"id": "CVE-2019-5142"
},
{
"db": "NVD",
"id": "CVE-2019-5142"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1143"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable command injection vulnerability exists in the hostname functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted entry to network configuration information can cause execution of arbitrary system commands, resulting in full control of the device. An attacker can send various authenticated requests to trigger this vulnerability. (DoS) It may be put into a state. Moxa AWK-3131A is a wireless access device from Moxa",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5142"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014648"
},
{
"db": "CNVD",
"id": "CNVD-2020-13481"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-5142",
"trust": 3.0
},
{
"db": "TALOS",
"id": "TALOS-2019-0931",
"trust": 3.0
},
{
"db": "ICS CERT",
"id": "ICSA-20-063-04",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014648",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-13481",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0781",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1143",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13481"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014648"
},
{
"db": "NVD",
"id": "CVE-2019-5142"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1143"
}
]
},
"id": "VAR-202002-0361",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13481"
}
],
"trust": 1.18235294
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13481"
}
]
},
"last_update_date": "2023-12-18T12:17:21.466000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AWK-3131A Series",
"trust": 0.8,
"url": "https://www.moxa.com/en/products/industrial-network-infrastructure/wireless-ap-bridge-client/wlan-ap-bridge-client/awk-3131a-series"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014648"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014648"
},
{
"db": "NVD",
"id": "CVE-2019-5142"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0931"
},
{
"trust": 1.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-063-04"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5142"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5142"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0781/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13481"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014648"
},
{
"db": "NVD",
"id": "CVE-2019-5142"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1143"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-13481"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014648"
},
{
"db": "NVD",
"id": "CVE-2019-5142"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1143"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-13481"
},
{
"date": "2020-03-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014648"
},
{
"date": "2020-02-25T16:15:10.780000",
"db": "NVD",
"id": "CVE-2019-5142"
},
{
"date": "2020-02-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-1143"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-13481"
},
{
"date": "2020-03-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014648"
},
{
"date": "2022-06-13T20:14:41.553000",
"db": "NVD",
"id": "CVE-2019-5142"
},
{
"date": "2022-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-1143"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1143"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa AWK-3131A In firmware OS Command injection vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014648"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1143"
}
],
"trust": 0.6
}
}
VAR-202002-0364
Vulnerability from variot - Updated: 2023-12-18 12:17An exploitable remote code execution vulnerability exists in the iw_webs configuration parsing functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause an overflow of an error message buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. Moxa AWK-3131A A classic buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Moxa AWK-3131A is a wireless access device from Moxa. An attacker could use this vulnerability to execute code
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202002-0364",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "awk-3131a",
"scope": "eq",
"trust": 2.4,
"vendor": "moxa",
"version": "1.13"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13480"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014715"
},
{
"db": "NVD",
"id": "CVE-2019-5153"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:awk-3131a_firmware:1.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:awk-3131a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5153"
}
]
},
"cve": "CVE-2019-5153",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-014715",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-13480",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.1,
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-014715",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-5153",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2019-5153",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "JVNDB-2019-014715",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-13480",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202002-1137",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13480"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014715"
},
{
"db": "NVD",
"id": "CVE-2019-5153"
},
{
"db": "NVD",
"id": "CVE-2019-5153"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1137"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable remote code execution vulnerability exists in the iw_webs configuration parsing functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause an overflow of an error message buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. Moxa AWK-3131A A classic buffer overflow vulnerability exists in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Moxa AWK-3131A is a wireless access device from Moxa. An attacker could use this vulnerability to execute code",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5153"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014715"
},
{
"db": "CNVD",
"id": "CNVD-2020-13480"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "TALOS",
"id": "TALOS-2019-0944",
"trust": 3.0
},
{
"db": "NVD",
"id": "CVE-2019-5153",
"trust": 3.0
},
{
"db": "ICS CERT",
"id": "ICSA-20-063-04",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014715",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-13480",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0781",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1137",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13480"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014715"
},
{
"db": "NVD",
"id": "CVE-2019-5153"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1137"
}
]
},
"id": "VAR-202002-0364",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13480"
}
],
"trust": 1.18235294
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13480"
}
]
},
"last_update_date": "2023-12-18T12:17:21.377000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AWK-3131A Series",
"trust": 0.8,
"url": "https://www.moxa.com/en/products/industrial-network-infrastructure/wireless-ap-bridge-client/wlan-ap-bridge-client/awk-3131a-series"
},
{
"title": "Patch for Moxa AWK-3131A Buffer Overflow Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/204725"
},
{
"title": "Moxa AWK-3131A Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=110787"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13480"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014715"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1137"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "CWE-120",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014715"
},
{
"db": "NVD",
"id": "CVE-2019-5153"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0944"
},
{
"trust": 1.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-063-04"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5153"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5153"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0781/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13480"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014715"
},
{
"db": "NVD",
"id": "CVE-2019-5153"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1137"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-13480"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014715"
},
{
"db": "NVD",
"id": "CVE-2019-5153"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1137"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-13480"
},
{
"date": "2020-03-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014715"
},
{
"date": "2020-02-25T16:15:10.953000",
"db": "NVD",
"id": "CVE-2019-5153"
},
{
"date": "2020-02-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-1137"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-13480"
},
{
"date": "2020-03-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014715"
},
{
"date": "2022-06-13T19:59:32.180000",
"db": "NVD",
"id": "CVE-2019-5153"
},
{
"date": "2022-06-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-1137"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1137"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa AWK-3131A Classic buffer overflow vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014715"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1137"
}
],
"trust": 0.6
}
}
VAR-202002-0360
Vulnerability from variot - Updated: 2023-12-18 12:17An exploitable command injection vulnerability exists in the iw_webs functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted iw_serverip parameter can cause user input to be reflected in a subsequent iw_system call, resulting in remote control over the device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. (DoS) It may be put into a state. Moxa AWK-3131A is a wireless access device from Moxa. The vulnerability stems from the fact that the network system or product did not properly filter the special characters, commands, etc. during the process of constructing the executable command of the operating system by external input data
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202002-0360",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "awk-3131a",
"scope": "eq",
"trust": 2.4,
"vendor": "moxa",
"version": "1.13"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13475"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014647"
},
{
"db": "NVD",
"id": "CVE-2019-5141"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:awk-3131a_firmware:1.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:awk-3131a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5141"
}
]
},
"cve": "CVE-2019-5141",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-014647",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-13475",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-014647",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-5141",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2019-5141",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2019-014647",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-13475",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202002-1122",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13475"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014647"
},
{
"db": "NVD",
"id": "CVE-2019-5141"
},
{
"db": "NVD",
"id": "CVE-2019-5141"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1122"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable command injection vulnerability exists in the iw_webs functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted iw_serverip parameter can cause user input to be reflected in a subsequent iw_system call, resulting in remote control over the device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. (DoS) It may be put into a state. Moxa AWK-3131A is a wireless access device from Moxa. The vulnerability stems from the fact that the network system or product did not properly filter the special characters, commands, etc. during the process of constructing the executable command of the operating system by external input data",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5141"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014647"
},
{
"db": "CNVD",
"id": "CNVD-2020-13475"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-5141",
"trust": 3.0
},
{
"db": "TALOS",
"id": "TALOS-2019-0930",
"trust": 3.0
},
{
"db": "ICS CERT",
"id": "ICSA-20-063-04",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014647",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-13475",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0781",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1122",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13475"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014647"
},
{
"db": "NVD",
"id": "CVE-2019-5141"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1122"
}
]
},
"id": "VAR-202002-0360",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13475"
}
],
"trust": 1.18235294
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13475"
}
]
},
"last_update_date": "2023-12-18T12:17:21.519000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AWK-3131A Series",
"trust": 0.8,
"url": "https://www.moxa.com/en/products/industrial-network-infrastructure/wireless-ap-bridge-client/wlan-ap-bridge-client/awk-3131a-series"
},
{
"title": "Patch for Moxa AWK-3131A iw_webs feature operating system command injection vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/204741"
},
{
"title": "Moxa AWK-3131A iw_webs Functional OS Command Injection Vulnerability Fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=110295"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13475"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014647"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1122"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014647"
},
{
"db": "NVD",
"id": "CVE-2019-5141"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2019-0930"
},
{
"trust": 1.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-063-04"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5141"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5141"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0781/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-13475"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014647"
},
{
"db": "NVD",
"id": "CVE-2019-5141"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1122"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-13475"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014647"
},
{
"db": "NVD",
"id": "CVE-2019-5141"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1122"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-13475"
},
{
"date": "2020-03-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014647"
},
{
"date": "2020-02-25T16:15:10.703000",
"db": "NVD",
"id": "CVE-2019-5141"
},
{
"date": "2020-02-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-1122"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-13475"
},
{
"date": "2020-03-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014647"
},
{
"date": "2022-06-13T20:14:49.520000",
"db": "NVD",
"id": "CVE-2019-5141"
},
{
"date": "2022-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-1122"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1122"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa AWK-3131A In firmware OS Command injection vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014647"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1122"
}
],
"trust": 0.6
}
}
VAR-201704-0973
Vulnerability from variot - Updated: 2023-12-18 12:04An exploitable information disclosure vulnerability exists in the Web Application functionality of the Moxa AWK-3131A wireless access point running firmware 1.1. Retrieving a specific URL without authentication can reveal sensitive information to an attacker. Moxa AWK-3131A Wireless AP Contains an information disclosure vulnerability.Information may be obtained. MoxaAWK-3131AWirelessAccessPoint is a wireless switch from China's Moxa. WebApplication is one of the web application modules
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0973",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "awk-3131a",
"scope": "eq",
"trust": 2.4,
"vendor": "moxa",
"version": "1.1"
},
{
"model": "awk-3131a wireless access point",
"scope": "eq",
"trust": 0.6,
"vendor": "moxa",
"version": "1.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07354"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008408"
},
{
"db": "NVD",
"id": "CVE-2016-8725"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-729"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:moxa:awk-3131a_firmware:1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:moxa:awk-3131a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8725"
}
]
},
"cve": "CVE-2016-8725",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-8725",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-07354",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-97545",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2016-8725",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-8725",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2016-8725",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2017-07354",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-729",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-97545",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07354"
},
{
"db": "VULHUB",
"id": "VHN-97545"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008408"
},
{
"db": "NVD",
"id": "CVE-2016-8725"
},
{
"db": "NVD",
"id": "CVE-2016-8725"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-729"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable information disclosure vulnerability exists in the Web Application functionality of the Moxa AWK-3131A wireless access point running firmware 1.1. Retrieving a specific URL without authentication can reveal sensitive information to an attacker. Moxa AWK-3131A Wireless AP Contains an information disclosure vulnerability.Information may be obtained. MoxaAWK-3131AWirelessAccessPoint is a wireless switch from China\u0027s Moxa. WebApplication is one of the web application modules",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8725"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008408"
},
{
"db": "CNVD",
"id": "CNVD-2017-07354"
},
{
"db": "VULHUB",
"id": "VHN-97545"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-8725",
"trust": 3.1
},
{
"db": "TALOS",
"id": "TALOS-2016-0239",
"trust": 2.3
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008408",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201704-729",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-07354",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-96532",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-97545",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07354"
},
{
"db": "VULHUB",
"id": "VHN-97545"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008408"
},
{
"db": "NVD",
"id": "CVE-2016-8725"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-729"
}
]
},
"id": "VAR-201704-0973",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07354"
},
{
"db": "VULHUB",
"id": "VHN-97545"
}
],
"trust": 1.49117647
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07354"
}
]
},
"last_update_date": "2023-12-18T12:04:18.817000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AWK-3131A Series",
"trust": 0.8,
"url": "http://www.moxa.com/product/awk-3131a.htm"
},
{
"title": "TALOS-2016-0239",
"trust": 0.8,
"url": "https://www.talosintelligence.com/reports/talos-2016-0239/"
},
{
"title": "Patch for MoxaAWK-3131AWirelessAccessPoint Information Disclosure Vulnerability (CNVD-2017-07354)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/94158"
},
{
"title": "Moxa AWK-3131A Wireless Access Point Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=70213"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07354"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008408"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-729"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97545"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008408"
},
{
"db": "NVD",
"id": "CVE-2016-8725"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.talosintelligence.com/reports/talos-2016-0239/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8725"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8725"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07354"
},
{
"db": "VULHUB",
"id": "VHN-97545"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008408"
},
{
"db": "NVD",
"id": "CVE-2016-8725"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-729"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-07354"
},
{
"db": "VULHUB",
"id": "VHN-97545"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008408"
},
{
"db": "NVD",
"id": "CVE-2016-8725"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-729"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-07354"
},
{
"date": "2017-04-13T00:00:00",
"db": "VULHUB",
"id": "VHN-97545"
},
{
"date": "2017-05-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008408"
},
{
"date": "2017-04-13T19:59:00.377000",
"db": "NVD",
"id": "CVE-2016-8725"
},
{
"date": "2017-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-729"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-07354"
},
{
"date": "2022-12-13T00:00:00",
"db": "VULHUB",
"id": "VHN-97545"
},
{
"date": "2017-05-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008408"
},
{
"date": "2022-12-13T17:31:49.600000",
"db": "NVD",
"id": "CVE-2016-8725"
},
{
"date": "2022-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-729"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-729"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa AWK-3131A Wireless AP Vulnerable to information disclosure",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008408"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-729"
}
],
"trust": 0.6
}
}