CVE-2016-8716

low-risk
Published 2017-04-12

An exploitable Cleartext Transmission of Password vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. The Change Password functionality of the Web Application transmits the password in cleartext. An attacker capable of intercepting this traffic is able to obtain valid credentials.

Do I need to act?

-
0.18% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
ADJACENT_NETWORK / HIGH complexity

Affected Products (1)

Affected Vendors

Moxa

References (2)

Exploit http://www.talosintelligence.com/reports/TALOS-2016-0230
Exploit http://www.talosintelligence.com/reports/TALOS-2016-0230
26
/ 100
low-risk
Severity 20/34 · Moderate
Exploitability 1/34 · Minimal
Exposure 5/34 · Minimal