CVE-2016-8721

An exploitable OS Command Injection vulnerability exists in the web application 'ping' functionality of Moxa AWK-3131A Wireless Access Points running firmware 1.1. Specially crafted web form input can cause an OS Command Injection resulting in complete compromise of the vulnerable device. An attacker can exploit this vulnerability remotely.
References
Link Resource
http://www.talosintelligence.com/reports/TALOS-2016-0235/ Exploit Technical Description Third Party Advisory VDB Entry
http://www.talosintelligence.com/reports/TALOS-2016-0235/ Exploit Technical Description Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:moxa:awk-3131a_firmware:1.1:*:*:*:*:*:*:*
cpe:2.3:h:moxa:awk-3131a:-:*:*:*:*:*:*:*

History

21 Nov 2024, 02:59

Type Values Removed Values Added
References () http://www.talosintelligence.com/reports/TALOS-2016-0235/ - Exploit, Technical Description, Third Party Advisory, VDB Entry () http://www.talosintelligence.com/reports/TALOS-2016-0235/ - Exploit, Technical Description, Third Party Advisory, VDB Entry

Information

Published : 2017-04-20 18:59

Updated : 2024-11-21 02:59


NVD link : CVE-2016-8721

Mitre link : CVE-2016-8721

CVE.ORG link : CVE-2016-8721


JSON object : View

Products Affected

moxa

  • awk-3131a_firmware
  • awk-3131a
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')