# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
1101 | CVE-2016-8926 | 200 | | +Info | 2017-04-14 | 2017-04-20 | 4.0 | None | Remote | Low | ??? | Partial | None | None |
IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could allow a remote attacker to read system files or data that is restricted to authorized users. IBM X-Force ID: 118539. |
1102 | CVE-2016-8925 | 200 | | +Info | 2017-04-14 | 2017-04-20 | 6.8 | None | Remote | Low | ??? | Complete | None | None |
IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could allow a remote attacker to include arbitrary files which could allow the attacker to read any file on the system. IBM X-Force ID: 118538. |
1103 | CVE-2016-8924 | 79 | | XSS | 2017-04-26 | 2017-05-03 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
IBM Maximo Asset Management 7.1, 7.5 and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user's session. IBM X-Force ID: 118537. |
1104 | CVE-2016-8923 | 200 | | +Info | 2017-04-20 | 2017-04-27 | 4.0 | None | Remote | Low | ??? | Partial | None | None |
IBM Curam Social Program Management 5.2, 6.0, and 7.0 contains a vulnerability that would allow an authorized user to obtain sensitive information from the profile of a higher privileged user that they should not have access to. IBM X-Force ID: 118536. |
1105 | CVE-2016-8803 | 264 | | | 2017-04-02 | 2017-04-05 | 4.1 | None | Local | Medium | ??? | Partial | Partial | Partial |
The maintenance module in Huawei FusionStorage V100R003C30U1 allows attackers to create documents according to special rules to obtain the OS root privilege of FusionStorage. |
1106 | CVE-2016-8802 | 119 | | Overflow | 2017-04-02 | 2017-04-05 | 6.8 | None | Remote | Low | ??? | None | None | Complete |
The security policy processing module in Huawei Secospace USG6300 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6500 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6600 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200 allows authenticated attackers to set up a specific security policy into the devices, causing a buffer overflow and crashing the system. |
1107 | CVE-2016-8801 | 77 | | | 2017-04-02 | 2017-04-05 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete |
Huawei OceanStor 5600 V3 with V300R003C00C10 and earlier versions allows attackers with administrator privilege to inject a command into a specific command's parameters, and run this injected command with root privilege. |
1108 | CVE-2016-8798 | 284 | | DoS Bypass | 2017-04-02 | 2017-04-05 | 7.8 | None | Remote | Low | Not required | None | None | Complete |
Huawei USG5500 with software V300R001C00 and V300R001C00 allows attackers to bypass the anti-DDoS module of the USGs to cause a denial of service condition on the backend server. |
1109 | CVE-2016-8797 | 399 | | | 2017-04-02 | 2017-04-11 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Huawei AR3200 with software V200R007C00, V200R005C32, V200R005C20; S12700 with software V200R008C00, V200R007C00; S5300 with software V200R008C00, V200R007C00, V200R006C00; S5700 with software V200R008C00, V200R007C00, V200R006C00; S6300 with software V200R008C00, V200R007C00; S6700 with software V200R008C00, V200R007C00; S7700 with software V200R008C00, V200R007C00, V200R006C00; S9300 with software V200R008C00, V200R007C00, V200R006C00; and S9700 with software V200R008C00, V200R007C00, V200R006C00 allow remote attackers to send abnormal Multiprotocol Label Switching (MPLS) packets to cause memory exhaustion. |
1110 | CVE-2016-8796 | 20 | | | 2017-04-02 | 2017-04-05 | 7.8 | None | Remote | Low | Not required | None | None | Complete |
Huawei USG9520 V300R001C01, USG9560 V300R001C01, and USG9580 V300R001C01 allow unauthenticated attackers to send abnormal DHCP request packets to the affected products to trigger a DoS condition. |
1111 | CVE-2016-8795 | 190 | | Overflow | 2017-04-02 | 2017-04-05 | 7.1 | None | Remote | Medium | Not required | None | None | Complete |
Huawei CloudEngine 12800 with software V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 5800 with software V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 6800 with software V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 7800 with software V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 8800 with software V100R006C00; and Secospace USG6600 with software V500R001C00 allow remote unauthenticated attackers to craft specific IPFPM packets to trigger an integer overflow and cause the device to reset. |
1112 | CVE-2016-8794 | 284 | | | 2017-04-02 | 2017-04-05 | 6.2 | None | Local | High | Not required | Complete | Complete | Complete |
Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Versions before NXT-CL00C92B386, Versions before NXT-DL00C17B386, Versions before NXT-TL00C01B386; Mate S phones with software Versions before CRR-CL00C92B368, Versions before CRR-CL20C92B368, Versions before CRR-TL00C01B368, Versions before CRR-UL00C00B368, Versions before CRR-UL20C00B368; and P8 phones with software Versions before GRA-TL00C01B366, Versions before GRA-CL00C92B366, Versions before GRA-CL10C92B366, Versions before GRA-UL00C00B366, Versions before GRA-UL10C00B366 allow attackers with graphic or Camera privilege to crash the system or escalate privilege. |
1113 | CVE-2016-8793 | 284 | | | 2017-04-02 | 2017-04-05 | 6.2 | None | Local | High | Not required | Complete | Complete | Complete |
Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Versions before NXT-CL00C92B386, Versions before NXT-DL00C17B386, Versions before NXT-TL00C01B386; Mate S phones with software Versions before CRR-CL00C92B368, Versions before CRR-CL20C92B368, Versions before CRR-TL00C01B368, Versions before CRR-UL00C00B368, Versions before CRR-UL20C00B368; and P8 phones with software Versions before GRA-TL00C01B366, Versions before GRA-CL00C92B366, Versions before GRA-CL10C92B366, Versions before GRA-UL00C00B366, Versions before GRA-UL10C00B366 allow attackers with graphic or Camera privilege to crash the system or escalate privilege. |
1114 | CVE-2016-8792 | 284 | | | 2017-04-02 | 2017-04-05 | 6.2 | None | Local | High | Not required | Complete | Complete | Complete |
Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Versions before NXT-CL00C92B386, Versions before NXT-DL00C17B386, Versions before NXT-TL00C01B386; Mate S phones with software Versions before CRR-CL00C92B368, Versions before CRR-CL20C92B368, Versions before CRR-TL00C01B368, Versions before CRR-UL00C00B368, Versions before CRR-UL20C00B368; and P8 phones with software Versions before GRA-TL00C01B366, Versions before GRA-CL00C92B366, Versions before GRA-CL10C92B366, Versions before GRA-UL00C00B366, Versions before GRA-UL10C00B366 allow attackers with graphic or Camera privilege to crash the system or escalate privilege. |
1115 | CVE-2016-8791 | 284 | | | 2017-04-02 | 2017-04-05 | 6.2 | None | Local | High | Not required | Complete | Complete | Complete |
Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Versions before NXT-CL00C92B386, Versions before NXT-DL00C17B386, Versions before NXT-TL00C01B386; Mate S phones with software Versions before CRR-CL00C92B368, Versions before CRR-CL20C92B368, Versions before CRR-TL00C01B368, Versions before CRR-UL00C00B368, Versions before CRR-UL20C00B368; and P8 phones with software Versions before GRA-TL00C01B366, Versions before GRA-CL00C92B366, Versions before GRA-CL10C92B366, Versions before GRA-UL00C00B366, Versions before GRA-UL10C00B366 allow attackers with graphic or Camera privilege to crash the system or escalate privilege. |
1116 | CVE-2016-8790 | 119 | | Overflow | 2017-04-02 | 2017-04-11 | 5.5 | None | Local Network | Low | ??? | None | None | Complete |
Huawei CloudEngine 5800 with software before V200R001C00SPC700, CloudEngine 6800 with software before V200R001C00SPC700, CloudEngine 7800 with software before V200R001C00SPC700, CloudEngine 8800 with software before V200R001C00SPC700, CloudEngine 12800 with software before V200R001C00SPC700 could allow the attacker to exploit a buffer overflow vulnerability by sending crafted packets to the affected system to cause a main control board reboot. |
1117 | CVE-2016-8789 | 79 | | XSS +Info | 2017-04-02 | 2017-04-05 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Huawei eSpace Integrated Access Device (IAD) with software V300R001C03, V300R001C04, V300R001C06, V300R001C20, and V300R001C07 allows an attacker to trick a user into clicking a URL containing malicious scripts to obtain user information or hijack the session, aka XSS. |
1118 | CVE-2016-8781 | 399 | | | 2017-04-02 | 2017-04-05 | 4.0 | None | Remote | Low | ??? | None | None | Partial |
Huawei Secospace USG6300 with software V500R001C20 and V500R001C20SPC200PWE, Secospace USG6500 with software V500R001C20, Secospace USG6600 with software V500R001C20 and V500R001C20SPC200PWE allow remote attackers with specific permission to log in to a device and deliver a large number of unspecified commands to exhaust memory, causing a DoS condition. |
1119 | CVE-2016-8780 | 400 | | | 2017-04-02 | 2017-04-05 | 6.8 | None | Remote | Low | ??? | None | None | Complete |
Huawei CloudEngine 6800 V100R006C00, CloudEngine 7800 V100R006C00, CloudEngine 8800 V100R006C00, and CloudEngine 12800 V100R006C00 allow remote attackers with specific permission to store massive files to exhaust the shared storage space, leading to a DoS condition. |
1120 | CVE-2016-8779 | | | +Info | 2017-04-02 | 2017-04-05 | 4.0 | None | Remote | Low | ??? | Partial | None | None |
Huawei FusionAccess with software V100R005C10 and V100R005C20 could allow remote attackers with specific permission to inject a Lightweight Directory Access Protocol (LDAP) operation command into a specific input variable to obtain sensitive information from the database. |
1121 | CVE-2016-8776 | 285 | | Bypass | 2017-04-02 | 2017-04-10 | 2.1 | None | Local | Low | Not required | None | Partial | None |
Huawei P9 phones with software EVA-AL10C00, EVA-CL10C00, EVA-DL10C00, EVA-TL10C00 and P9 Lite phones with software VNS-L21C185 allow attackers to bypass the factory reset protection (FRP) to enter some functional modules without authorization and perform operations to update the Google account. |
1122 | CVE-2016-8775 | 119 | | Exec Code Overflow | 2017-04-02 | 2017-04-05 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
Touch Panel (TP) driver in Huawei NEM phones with software Versions before NEM-AL10C00B130, Versions before NEM-UL10C17B160, Versions before NEM-UL10C00B160, Versions before NEM-TL00C01B160 allows attackers to get root privilege or crash the system or execute arbitrary code, related to a buffer overflow. |
1123 | CVE-2016-8774 | 119 | | Exec Code Overflow | 2017-04-02 | 2017-04-11 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
The HIFI driver in Huawei Mate 8 phones with software versions before NXT-AL10C00B386, versions before NXT-CL00C92B386, versions before NXT-DL00C17B386, versions before NXT-TL00C01B386; Mate S phones with software Versions before CRR-CL00C92B368, Versions before CRR-CL20C92B368, Versions before CRR-TL00C01B368, Versions before CRR-UL00C00B368, Versions before CRR-UL20C00B368; P8 phones with software Versions before GRA-TL00C01B366, Versions before GRA-CL00C92B366, Versions before GRA-CL10C92B366, Versions before GRA-UL00C00B366, Versions before GRA-UL10C00B366; and P9 phones with software Versions before EVA-AL10C00B190, Versions before EVA-DL10C00B190, Versions before EVA-TL10C00B190, Versions before EVA-CL10C00B190 allows attackers to get root privilege or crash the system or execute arbitrary code, related to a buffer overflow. |
1124 | CVE-2016-8773 | 20 | | DoS | 2017-04-02 | 2017-04-11 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Huawei S5300 with software V200R003C00, V200R007C00, V200R008C00, V200R009C00; S5700 with software V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R005C03, V200R007C00, V200R008C00, V200R009C00; S6300 with software V200R003C00, V200R005C00, V200R008C00, V200R009C00; S6700 with software V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R005C00, V200R008C00, V200R009C00; S7700 with software V200R007C00, V200R008C00, V200R009C00; S9300 with software V200R007C00, V200R008C00, V200R009C00; S9700 with software V200R007C00, V200R008C00, V200R009C00; and S12700 with software V200R007C00, V200R007C01, V200R008C00, V200R009C00 allow the attacker to cause a denial of service condition by sending malformed MPLS packets. |
1125 | CVE-2016-8769 | 264 | | | 2017-04-02 | 2021-08-27 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
Huawei UTPS earlier than UTPS-V200R003B015D16SPC00C983 has an unquoted service path vulnerability which can lead to the truncation of UTPS service query paths. An attacker may put an executable file in the search path of the affected service and obtain elevated privileges after the executable file is executed. |
1126 | CVE-2016-8768 | 254 | | | 2017-04-02 | 2017-04-11 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
Huawei Honor 6, Honor 6 Plus, Honor 7 phones with software versions earlier than 6.9.16 could allow attackers to disable the PXN defense mechanism by invoking related drive code to crash the system or escalate privilege. |
1127 | CVE-2016-8764 | 20 | | | 2017-04-02 | 2017-04-07 | 4.1 | None | Local | Medium | ??? | Partial | Partial | Partial |
The TrustZone driver in Huawei P9 phones with software Versions earlier than EVA-AL10C00B352 and P9 Lite with software VNS-L21C185B130 and earlier versions and P8 Lite with software ALE-L02C636B150 and earlier versions has an input validation vulnerability, which allows attackers to read and write user-mode memory data anywhere in the TrustZone driver. |
1128 | CVE-2016-8763 | 664 | | | 2017-04-02 | 2017-04-07 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
The TrustZone driver in Huawei P9 phones with software Versions earlier than EVA-AL10C00B352 and P9 Lite with software VNS-L21C185B130 and earlier versions and P8 Lite with software ALE-L02C636B150 and earlier versions has an improper resource release vulnerability, which allows attackers to cause a system restart or privilege elevation. |
1129 | CVE-2016-8762 | 20 | | | 2017-04-02 | 2017-04-07 | 1.9 | None | Local | Medium | Not required | None | None | Partial |
The TrustZone driver in Huawei P9 phones with software Versions earlier than EVA-AL10C00B352 and P9 Lite with software VNS-L21C185B130 and earlier versions and P8 Lite with software ALE-L02C636B150 and earlier versions has an input validation vulnerability, which allows attackers to cause the system to restart. |
1130 | CVE-2016-8761 | 119 | | Overflow | 2017-04-02 | 2017-04-07 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
Video driver in Huawei P9 phones with software versions before EVA-AL10C00B192 and Huawei Honor 6 phones with software versions before H60-L02_6.10.1 has a stack overflow vulnerability, which allows attackers to crash the system or escalate user privilege. |
1131 | CVE-2016-8760 | 119 | | Overflow | 2017-04-02 | 2017-04-07 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
Touchscreen driver in Huawei P9 phones with software versions before EVA-AL10C00B192 and Huawei Honor 6 phones with software versions before H60-L02_6.10.1 has a heap overflow vulnerability, which allows attackers to crash the system or escalate user privilege. |
1132 | CVE-2016-8759 | 119 | | Overflow | 2017-04-02 | 2017-04-07 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
Video driver in Huawei P9 phones with software versions before EVA-AL10C00B192 and Huawei Honor 6 phones with software versions before H60-L02_6.10.1 has a stack overflow vulnerability, which allows attackers to crash the system or escalate user privilege. |
1133 | CVE-2016-8758 | 20 | | DoS | 2017-04-02 | 2017-04-07 | 7.1 | None | Remote | Medium | Not required | None | None | Complete |
ION memory management module in Huawei Mate8 phones with software NXT-AL10C00B561 and earlier versions, NXT-CL10C00B561 and earlier versions, NXT-DL10C00B561 and earlier versions, NXT-TL10C00B561 and earlier versions allows attackers to cause a denial of service (restart). |
1134 | CVE-2016-8757 | 200 | | +Info | 2017-04-02 | 2019-05-30 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
ION memory management module in Huawei P9 phones with software EVA-AL10C00B192 and earlier versions, EVA-DL10C00B192 and earlier versions, EVA-TL10C00B192 and earlier versions, EVA-CL10C00B192 and earlier versions allows attackers to obtain sensitive information from uninitialized memory. |
1135 | CVE-2016-8756 | 20 | | DoS | 2017-04-02 | 2017-04-07 | 7.1 | None | Remote | Medium | Not required | None | None | Complete |
ION memory management module in Huawei Mate 8 phones with software NXT-AL10C00B197 and earlier versions, NXT-DL10C00B197 and earlier versions, NXT-TL10C00B197 and earlier versions, NXT-CL10C00B197 and earlier versions allows attackers to cause a denial of service (restart). |
1136 | CVE-2016-8754 | 798 | | | 2017-04-02 | 2017-04-07 | 5.4 | None | Local Network | Medium | Not required | Partial | Partial | Partial |
Huawei OceanStor 5600 V3 V300R003C00 has a hardcoded SSH key vulnerability; the hardcoded keys are used to encrypt communication data and authenticate different nodes of the devices. An attacker may obtain the hardcoded keys and log in to such a device through SSH. |
1137 | CVE-2016-8735 | 284 | | Exec Code | 2017-04-06 | 2020-10-05 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types. |
1138 | CVE-2016-8727 | 200 | | +Info | 2017-04-13 | 2017-04-20 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
An exploitable information disclosure vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point. Retrieving a series of URLs without authentication can reveal sensitive configuration and system information to an attacker. |
1139 | CVE-2016-8726 | 476 | | | 2017-04-13 | 2022-04-19 | 7.8 | None | Remote | Low | Not required | None | None | Complete |
An exploitable null pointer dereference vulnerability exists in the Web Application /forms/web_runScript iw_filename functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. An HTTP POST request with a blank line in the header will cause a segmentation fault in the web server. |
1140 | CVE-2016-8725 | 200 | | +Info | 2017-04-13 | 2022-04-19 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
An exploitable information disclosure vulnerability exists in the Web Application functionality of the Moxa AWK-3131A wireless access point running firmware 1.1. Retrieving a specific URL without authentication can reveal sensitive information to an attacker. |
1141 | CVE-2016-8724 | 200 | | +Info | 2017-04-13 | 2022-04-19 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
An exploitable information disclosure vulnerability exists in the serviceAgent functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted TCP query will allow an attacker to retrieve potentially sensitive information. |
1142 | CVE-2016-8723 | 476 | | | 2017-04-13 | 2022-04-19 | 7.8 | None | Remote | Low | Not required | None | None | Complete |
An exploitable null pointer dereference exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Any HTTP GET request not preceded by an '/' will cause a segmentation fault in the web server. An attacker can send any of a multitude of potentially unexpected HTTP GET requests to trigger this vulnerability. |
1143 | CVE-2016-8722 | 200 | | +Info | 2017-04-13 | 2022-04-19 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
An exploitable Information Disclosure vulnerability exists in the Web Application functionality of Moxa AWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client. Retrieving a specific URL without authentication can reveal sensitive information to an attacker. |
1144 | CVE-2016-8721 | 78 | | | 2017-04-20 | 2022-04-19 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete |
An exploitable OS Command Injection vulnerability exists in the web application 'ping' functionality of Moxa AWK-3131A Wireless Access Points running firmware 1.1. Specially crafted web form input can cause an OS Command Injection resulting in complete compromise of the vulnerable device. An attacker can exploit this vulnerability remotely. |
1145 | CVE-2016-8720 | 74 | | | 2017-04-13 | 2022-04-19 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
An exploitable HTTP Header Injection vulnerability exists in the Web Application functionality of the Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted HTTP request can inject a payload in the bkpath parameter which will be copied into the Location header of the HTTP response. |
1146 | CVE-2016-8719 | 79 | | XSS | 2017-04-12 | 2022-04-19 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
An exploitable reflected Cross-Site Scripting vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Specially crafted input, in multiple parameters, can cause malicious scripts to be executed by a victim. |
1147 | CVE-2016-8718 | 352 | | CSRF | 2017-04-12 | 2022-04-19 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
An exploitable Cross-Site Request Forgery vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted form can trick a client into making an unintentional request to the web server which will be treated as an authentic request. |
1148 | CVE-2016-8716 | 640 | | | 2017-04-12 | 2022-04-19 | 3.3 | None | Local Network | Low | Not required | Partial | None | None |
An exploitable Cleartext Transmission of Password vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. The Change Password functionality of the Web Application transmits the password in cleartext. An attacker capable of intercepting this traffic is able to obtain valid credentials. |
1149 | CVE-2016-8712 | 613 | | | 2017-04-13 | 2022-04-19 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
An exploitable nonce reuse vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless AP running firmware 1.1. The device uses one nonce for all session authentication requests and only changes the nonce if the web application has been idle for 300 seconds. |
1150 | CVE-2016-8602 | 704 | | DoS Exec Code | 2017-04-14 | 2018-01-05 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Postscript document that calls .sethalftone5 with an empty operand stack. |