CVE-2016-8712
First published: Thu Apr 13 2017(Updated: )
An exploitable nonce reuse vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless AP running firmware 1.1. The device uses one nonce for all session authentication requests and only changes the nonce if the web application has been idle for 300 seconds.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Moxa AWK-3131A firmware | =1.1 | |
| Moxa AWK-3131A |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-8712?
The severity of CVE-2016-8712 is considered to be high due to the potential for session hijacking.
How do I fix CVE-2016-8712?
To fix CVE-2016-8712, update the Moxa AWK-3131A firmware to a version that addresses this nonce reuse vulnerability.
What devices are affected by CVE-2016-8712?
CVE-2016-8712 affects the Moxa AWK-3131A Wireless AP running firmware version 1.1.
What are the implications of exploiting CVE-2016-8712?
Exploiting CVE-2016-8712 can allow an attacker to hijack authenticated sessions and gain unauthorized access to sensitive data.
Is there a workaround for CVE-2016-8712 if I cannot update the firmware?
A potential workaround for CVE-2016-8712 is to minimize the idle time of the web application to force nonce changes more frequently.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/references
- agent/weakness
- agent/severity
- agent/description
- agent/first-publish-date
- agent/tags
- agent/event
- agent/source
- vendor/moxa
- canonical/moxa awk-3131a firmware
- version/moxa awk-3131a firmware/1.1
- canonical/moxa awk-3131a