CVE-2016-8723

CVSS 7.5 HIGHEPSS 1.4%

An exploitable null pointer dereference exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Any HTTP GET request not preceded by an '/' will cause a segmentation fault in the web server. An attacker can send any of a multitude of potentially unexpected HTTP get requests to trigger this vulnerability.

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Moxa · AWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://www.talosintelligence.com/reports/TALOS-2016-0237/