CVE-2016-8724

CVSS 5.3 MEDIUMEPSS 9.3%

In short

The Moxa AWK-3131A wireless access point has a flaw that lets attackers send specially crafted network requests to steal sensitive information from the device. This could expose configuration details or other private data.

Technical detail

An information disclosure vulnerability exists in the serviceAgent component of Moxa AWK-3131A firmware 1.1, exploitable via a specially crafted TCP query that bypasses access controls. The attack requires network access to the device but no authentication, potentially exposing sensitive system information.

Summary generated and translated by AI from the official description.

An exploitable information disclosure vulnerability exists in the serviceAgent functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted TCP query will allow an attacker to retrieve potentially sensitive information.

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected products

Moxa · AWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://www.talosintelligence.com/reports/TALOS-2016-0238/