{"api_version":"1","generated_at":"2026-04-24T00:08:48+00:00","cve":"CVE-2016-9344","urls":{"html":"https://cve.report/CVE-2016-9344","api":"https://cve.report/api/cve/CVE-2016-9344.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2016-9344","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2016-9344"},"summary":{"title":"CVE-2016-9344","description":"An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. An attacker may be able to brute force an active session cookie to be able to download configuration files.","state":"PUBLIC","assigner":"ics-cert@hq.dhs.gov","published_at":"2017-02-13 21:59:00","updated_at":"2017-02-23 19:25:00"},"problem_types":["CWE-532"],"metrics":[],"references":[{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-343-01","name":"https://ics-cert.us-cert.gov/advisories/ICSA-16-343-01","refsource":"MISC","tags":["Third Party Advisory","US Government Resource"],"title":"Moxa MiiNePort Session Hijack Vulnerabilities | ICS-CERT","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/94783","name":"94783","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Multiple Moxa MiiNePort Products Information Disclosure and Security Bypass Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2016-9344","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9344","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2016","cve_id":"9344","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"moxa","cpe5":"miineport_e1","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"9344","vulnerable":"0","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"moxa","cpe5":"miineport_e1","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"9344","vulnerable":"1","versionEndIncluding":"1.7","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"moxa","cpe5":"miineport_e1_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"9344","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"moxa","cpe5":"miineport_e2","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"9344","vulnerable":"0","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"moxa","cpe5":"miineport_e2","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"9344","vulnerable":"1","versionEndIncluding":"1.3","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"moxa","cpe5":"miineport_e2_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"9344","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"moxa","cpe5":"miineport_e3","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"9344","vulnerable":"0","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"moxa","cpe5":"miineport_e3","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"9344","vulnerable":"1","versionEndIncluding":"1.0","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"moxa","cpe5":"miineport_e3_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"ics-cert@hq.dhs.gov","ID":"CVE-2016-9344","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Moxa MiiNePort","version":{"version_data":[{"version_value":"Moxa MiiNePort"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. An attacker may be able to brute force an active session cookie to be able to download configuration files."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Moxa MiiNePort Session Hijack"}]}]},"references":{"reference_data":[{"name":"https://ics-cert.us-cert.gov/advisories/ICSA-16-343-01","refsource":"MISC","url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-343-01"},{"name":"94783","refsource":"BID","url":"http://www.securityfocus.com/bid/94783"}]}},"nvd":{"publishedDate":"2017-02-13 21:59:00","lastModifiedDate":"2017-02-23 19:25:00","problem_types":["CWE-532"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:moxa:miineport_e1_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.7","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:moxa:miineport_e2_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.3","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:moxa:miineport_e3_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.0","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:moxa:miineport_e1:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:moxa:miineport_e2:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:moxa:miineport_e3:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":{"CveYear":"2016","CveId":"9344","Ordinal":"96024","Title":"CVE-2016-9344","CVE":"CVE-2016-9344","Year":"2016"},"notes":[{"CveYear":"2016","CveId":"9344","Ordinal":"1","NoteData":"An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. An attacker may be able to brute force an active session cookie to be able to download configuration files.","Type":"Description","Title":null},{"CveYear":"2016","CveId":"9344","Ordinal":"2","NoteData":"2017-02-13","Type":"Other","Title":"Published"},{"CveYear":"2016","CveId":"9344","Ordinal":"3","NoteData":"2017-02-14","Type":"Other","Title":"Modified"}]}}}