Description
An exploitable nonce reuse vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless AP running firmware 1.1. The device uses one nonce for all session authentication requests and only changes the nonce if the web application has been idle for 300 seconds.
References (1)
Core 1
Core References
Exploit, Mitigation, Third Party Advisory x_refsource_misc
http://www.talosintelligence.com/reports/TALOS-2016-0225/
Scores
CVSS v3
8.1
EPSS
0.0038
EPSS Percentile
59.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-613
Status
published
Products (2)
Moxa/AWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client
1.1
moxa/awk-3131a_firmware
1.1
Published
Apr 13, 2017
Tracked Since
Feb 18, 2026