Earlier this month, Talos responsibly disclosed a set of vulnerabilities in Moxa ICS wireless access points. While most of the vulnerabilities were addressed in the previous set of advisories, Talos has continued to work with Moxa to ensure all remaining vulnerabilities that Talos identified are patched.
This vulnerability was identified by Patrick DeSantis of Talos.
TALOS-2016-0231 (CVE-2016-8717) is a hard-coded credential vulnerability within Moxa AWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client devices. An undocumented, root-level account with hard-coded credentials exists in these devices with no mechanism to disable or remove the account permanently. An attacker could leverage this account and gain complete control of the device remotely.
The experts found hard-coded credentials in Moxa devices (Username: 94jo3dkru4, Password: moxaiwroot) that allow login to the undocumented account with root rights.
Moxa developers have already released a patch for this problem. Cisco experts recommend that users install the update as soon as possible, or close remote access to the device by disabling SSH and Telnet.