PatchSiren cyber security CVE debrief

CVE-2016-8346 Moxa CVE debrief

CVE-2016-8346 is a high-severity vulnerability in Moxa EDR-810 Industrial Secure Router firmware that can allow unauthorized access to configuration and log files through a specific web server URL. NVD assigns CVSS 3.0 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating a network-reachable confidentiality impact with no required privileges or user interaction. The CVE was published on 2017-02-13 and NVD lists affected firmware versions up to 3.12.

Vendor: Moxa
Product: CVE-2016-8346
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-13
Original CVE updated: 2026-05-13
Advisory published: 2017-02-13
Advisory updated: 2026-05-13

Who should care

OT/ICS operators, network defenders, and asset owners using Moxa EDR-810 routers, especially where the device’s web management interface is reachable from untrusted networks or broader internal segments.

Technical summary

NVD lists the vulnerable product as moxa:edr-810_firmware versions through 3.12. The issue is described as a web-server URL that exposes configuration and log files. NVD maps the weakness to CWE-532, and the CVSS vector shows a network-exploitable information-disclosure condition with high confidentiality impact and no integrity or availability impact.

Defensive priority

High for any environment with exposed EDR-810 management access; prioritize if the device is reachable from enterprise or external networks, or if configuration/log content could reveal credentials, topology, or other sensitive operational details.

Recommended defensive actions

Identify all Moxa EDR-810 deployments and verify firmware versions; treat versions through 3.12 as affected.
Restrict access to the router web management interface to trusted administrative hosts and management networks only.
Review vendor and ICS-CERT guidance referenced for CVE-2016-8346 and apply any available remediation or mitigations.
Update to a fixed firmware release if Moxa provides one beyond version 3.12.
Monitor for unexpected access to router configuration and log files, and audit whether sensitive data may have been exposed.
Segment OT/ICS management traffic from general user networks and avoid exposing device administration services to broader network scopes.

Evidence notes

Source corpus confirms the CVE description, CVSS 3.0 score/vector, affected CPE range (Moxa EDR-810 firmware up to 3.12), and CWE-532 mapping. References in NVD include US-CERT/ICS-CERT advisory ICSA-16-294-01 and SecurityFocus BID 93800. The corpus does not include a specific fixed firmware version or detailed vendor remediation text, so recommendations are limited to general defensive actions and version-beyond-3.12 guidance.

Official resources

CVE-2016-8346 CVE record
CVE.org
CVE-2016-8346 NVD detail
NVD
Source item URL
nvd_modified
Mitigation or vendor reference
[email protected] - Third Party Advisory, VDB Entry
Mitigation or vendor reference
[email protected] - Third Party Advisory, US Government Resource

CVE published by 2017-02-13. NVD later modified the record on 2026-05-13. No KEV entry is listed in the supplied corpus.