An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2 Series, WAC-2004 Series, AWK-3121-M12-RTG Series, AWK-3131-M12-RCC Series, AWK-5232-M12-RCC Series, TAP-6226 Series, AWK-3121/4121 Series, AWK-3131/4131 Series, and AWK-5222/6222 Series. Any user is able to download log files by accessing a specific URL.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00161.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
n/a Moxa OnCell affected
Version Status Constraints
Moxa OnCell affected

Configuration 1 [-]

AND
cpe:2.3:o:moxa:oncellg3470a-lte_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:moxa:oncellg3470a-lte:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:moxa:awk-4131a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:moxa:awk-4131a:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:moxa:awk-3191_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:moxa:awk-3191:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:moxa:awk-5232_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:moxa:awk-5232:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:moxa:awk-6232_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:moxa:awk-6232:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:moxa:awk-1121_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:moxa:awk-1121:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:moxa:awk-1127_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:moxa:awk-1127:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:moxa:wac-1001_v2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:moxa:wac-1001_v2:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:moxa:wac-2004_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:moxa:wac-2004:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:o:moxa:awk-3121-m12-rtg_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:moxa:awk-3121-m12-rtg:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND
cpe:2.3:o:moxa:awk-3131-m12-rcc_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:moxa:awk-3131-m12-rcc:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND
cpe:2.3:o:moxa:awk-5232-m12-rcc_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:moxa:awk-5232-m12-rcc:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND
cpe:2.3:o:moxa:awk-3131a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:moxa:awk-3131a:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND
cpe:2.3:o:moxa:awk-1131a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:moxa:awk-1131a:-:*:*:*:*:*:*:*

No data.

No data.

Project Subscriptions

Vendors Products
Moxa Subscribe
Awk-1121 Subscribe
Awk-1121 Firmware Subscribe
Awk-1127 Subscribe
Awk-1127 Firmware Subscribe
Awk-1131a Subscribe
Awk-1131a Firmware Subscribe
Awk-3121-m12-rtg Subscribe
Awk-3121-m12-rtg Firmware Subscribe
Awk-3131-m12-rcc Subscribe
Awk-3131-m12-rcc Firmware Subscribe
Awk-3131a Subscribe
Awk-3131a Firmware Subscribe
Awk-3191 Subscribe
Awk-3191 Firmware Subscribe
Awk-4131a Subscribe
Awk-4131a Firmware Subscribe
Awk-5232 Subscribe
Awk-5232-m12-rcc Subscribe
Awk-5232-m12-rcc Firmware Subscribe
Awk-5232 Firmware Subscribe
Awk-6232 Subscribe
Awk-6232 Firmware Subscribe
Oncellg3470a-lte Subscribe
Oncellg3470a-lte Firmware Subscribe
Wac-1001 V2 Subscribe
Wac-1001 V2 Firmware Subscribe
Wac-2004 Subscribe
Wac-2004 Firmware Subscribe
Advisories
Source ID Title
EUVD EUVD EUVD-2016-9210 An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2 Series, WAC-2004 Series, AWK-3121-M12-RTG Series, AWK-3131-M12-RCC Series, AWK-5232-M12-RCC Series, TAP-6226 Series, AWK-3121/4121 Series, AWK-3131/4131 Series, and AWK-5222/6222 Series. Any user is able to download log files by accessing a specific URL.
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
http://www.securityfocus.com/bid/94092 cve-icon cve-icon
https://ics-cert.us-cert.gov/advisories/ICSA-16-308-01 cve-icon cve-icon
History

No history.

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2024-08-06T02:20:31.043Z

Reserved: 2016-09-28T00:00:00.000Z

Link: CVE-2016-8362

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2017-02-13T21:59:01.050

Modified: 2025-04-20T01:37:25.860

Link: CVE-2016-8362

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses