Filtered by vendor Moxa
Subscriptions
Total
279 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-25198 | 1 Moxa | 2 Nport Iaw5000a-i\/o, Nport Iaw5000a-i\/o Firmware | 2024-09-17 | 8.8 High |
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower has incorrectly implemented protections from session fixation, which may allow an attacker to gain access to a session and hijack it by stealing the user’s cookies. | ||||
CVE-2010-4741 | 1 Moxa | 2 Device Manager, Mdm Tool | 2024-09-17 | N/A |
Stack-based buffer overflow in MDMUtil.dll in MDMTool.exe in MDM Tool before 2.3 in Moxa Device Manager allows remote MDM Gateways to execute arbitrary code via crafted data in a session on TCP port 54321. | ||||
CVE-2017-14459 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2024-09-16 | N/A |
An exploitable OS Command Injection vulnerability exists in the Telnet, SSH, and console login functionality of Moxa AWK-3131A Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client in firmware versions 1.4 to 1.7 (current). An attacker can inject commands via the username parameter of several services (SSH, Telnet, console), resulting in remote, unauthenticated, root-level operating system command execution. | ||||
CVE-2019-6565 | 1 Moxa | 8 Eds-405a, Eds-405a Firmware, Eds-408a and 5 more | 2024-09-16 | 6.1 Medium |
Moxa IKS and EDS fails to properly validate user input, giving unauthenticated and authenticated attackers the ability to perform XSS attacks, which may be used to send a malicious script. | ||||
CVE-2021-38454 | 1 Moxa | 1 Mxview | 2024-09-16 | 10 Critical |
A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries. | ||||
CVE-2018-18393 | 1 Moxa | 1 Thingspro | 2024-09-16 | N/A |
Password Management Issue in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. | ||||
CVE-2022-2043 | 1 Moxa | 2 Nport 5110, Nport 5110 Firmware | 2024-09-16 | 7.5 High |
MOXA NPort 5110: Firmware Versions 2.10 is vulnerable to an out-of-bounds write that can cause the device to become unresponsive. | ||||
CVE-2017-14434 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2024-09-16 | 8.8 High |
An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the remoteNetmask0= parameter in the "/goform/net\_Web\_get_value" uri to trigger this vulnerability. | ||||
CVE-2017-14437 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2024-09-16 | 7.5 High |
An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request to "/MOXA\_LOG.ini" without a cookie header to trigger this vulnerability. | ||||
CVE-2020-25192 | 1 Moxa | 2 Nport Iaw5000a-i\/o, Nport Iaw5000a-i\/o Firmware | 2024-09-16 | 5.3 Medium |
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows sensitive information to be displayed without proper authorization. | ||||
CVE-2017-12123 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2024-09-16 | 8.8 High |
An exploitable clear text transmission of password vulnerability exists in the web server and telnet functionality of Moxa EDR-810 V4.1 build 17030317. An attacker can look at network traffic to get the admin password for the device. The attacker can then use the credentials to login as admin. | ||||
CVE-2012-4712 | 1 Moxa | 2 Edr-g903, Edr-g903 Firmware | 2024-09-16 | N/A |
Moxa EDR-G903 series routers with firmware before 2.11 have a hardcoded account, which allows remote attackers to obtain unspecified device access via unknown vectors. | ||||
CVE-2018-18394 | 1 Moxa | 1 Thingspro | 2024-09-16 | N/A |
Sensitive Information Stored in Clear Text in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. | ||||
CVE-2010-4742 | 1 Moxa | 1 Activex Sdk | 2024-09-16 | N/A |
Stack-based buffer overflow in a certain ActiveX control in MediaDBPlayback.DLL 2.2.0.5 in the Moxa ActiveX SDK allows remote attackers to execute arbitrary code via a long PlayFileName property value. | ||||
CVE-2018-18395 | 1 Moxa | 1 Thingspro | 2024-09-16 | N/A |
Hidden Token Access in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. | ||||
CVE-2020-25190 | 1 Moxa | 2 Nport Iaw5000a-i\/o, Nport Iaw5000a-i\/o Firmware | 2024-09-16 | 7.5 High |
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower stores and transmits the credentials of third-party services in cleartext. | ||||
CVE-2019-6559 | 1 Moxa | 8 Eds-405a, Eds-405a Firmware, Eds-408a and 5 more | 2024-09-16 | 6.5 Medium |
Moxa IKS and EDS allow remote authenticated users to cause a denial of service via a specially crafted packet, which may cause the switch to crash. | ||||
CVE-2017-12128 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2024-09-16 | 7.5 High |
An exploitable information disclosure vulnerability exists in the Server Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted TCP packet can cause information disclosure. An attacker can send a crafted TCP packet to trigger this vulnerability. | ||||
CVE-2018-18391 | 1 Moxa | 1 Thingspro | 2024-09-16 | N/A |
User Privilege Escalation in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. | ||||
CVE-2020-25153 | 1 Moxa | 2 Nport Iaw5000a-i\/o, Nport Iaw5000a-i\/o Firmware | 2024-09-16 | 9.8 Critical |
The built-in web service for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower does not require users to have strong passwords. |