CVE-2016-8362

MEDIUM

Moxa OnCell Series - Unauthenticated Log File Download

Title source: llm
STIX 2.1

Description

An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2 Series, WAC-2004 Series, AWK-3121-M12-RTG Series, AWK-3131-M12-RCC Series, AWK-5232-M12-RCC Series, TAP-6226 Series, AWK-3121/4121 Series, AWK-3131/4131 Series, and AWK-5222/6222 Series. Any user is able to download log files by accessing a specific URL.

References (2)

Core 2
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-16-308-01
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/94092

Scores

CVSS v3 6.5
EPSS 0.0016
EPSS Percentile 36.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-287
Status published
Products (15)
moxa/awk-1121_firmware < 06-29-2017
moxa/awk-1127_firmware < 06-29-2017
moxa/awk-1131a_firmware < 10-31-2016
moxa/awk-3121-m12-rtg_firmware < 06-29-2017
moxa/awk-3131-m12-rcc_firmware < 06-29-2017
moxa/awk-3131a_firmware < 10-31-2016
moxa/awk-3191_firmware < 05-30-2017
moxa/awk-4131a_firmware < 10-31-2016
moxa/awk-5232-m12-rcc_firmware < 06-29-2017
moxa/awk-5232_firmware < 05-30-2017
... and 5 more
Published Feb 13, 2017
Tracked Since Feb 18, 2026