Filtered by vendor Moxa
Subscriptions
Total
279 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-4161 | 1 Moxa | 6 Mgate Mb3180, Mgate Mb3180 Firmware, Mgate Mb3280 and 3 more | 2024-09-16 | 9.8 Critical |
| The affected products contain vulnerable firmware, which could allow an attacker to sniff the traffic and decrypt login credential details. This could give an attacker admin rights through the HTTP web server. | ||||
| CVE-2019-6520 | 1 Moxa | 8 Eds-405a, Eds-405a Firmware, Eds-408a and 5 more | 2024-09-16 | 7.5 High |
| Moxa IKS and EDS does not properly check authority on server side, which results in a read-only user being able to perform arbitrary configuration changes. | ||||
| CVE-2017-12125 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2024-09-16 | 8.8 High |
| An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the CN= parm in the "/goform/net_WebCSRGen" uri to trigger this vulnerability. | ||||
| CVE-2019-6518 | 1 Moxa | 8 Eds-405a, Eds-405a Firmware, Eds-408a and 5 more | 2024-09-16 | 7.5 High |
| Moxa IKS and EDS store plaintext passwords, which may allow sensitive information to be read by someone with access to the device. | ||||
| CVE-2019-6563 | 1 Moxa | 8 Eds-405a, Eds-405a Firmware, Eds-408a and 5 more | 2024-09-16 | 9.8 Critical |
| Moxa IKS and EDS generate a predictable cookie calculated with an MD5 hash, allowing an attacker to capture the administrator's password, which could lead to a full compromise of the device. | ||||
| CVE-2018-18396 | 1 Moxa | 1 Thingspro | 2024-09-16 | N/A |
| Remote Code Execution in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. | ||||
| CVE-2020-25194 | 1 Moxa | 2 Nport Iaw5000a-i\/o, Nport Iaw5000a-i\/o Firmware | 2024-09-16 | 8.8 High |
| The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower has improper privilege management, which may allow an attacker with user privileges to perform requests with administrative privileges. | ||||
| CVE-2019-6557 | 1 Moxa | 8 Eds-405a, Eds-405a Firmware, Eds-408a and 5 more | 2024-09-16 | 9.8 Critical |
| Several buffer overflow vulnerabilities have been identified in Moxa IKS and EDS, which may allow remote code execution. | ||||
| CVE-2018-18390 | 1 Moxa | 1 Thingspro | 2024-09-16 | N/A |
| User Enumeration in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. | ||||
| CVE-2017-12121 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2024-09-16 | 8.8 High |
| An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the rsakey\_name= parm in the "/goform/WebRSAKEYGen" uri to trigger this vulnerability. | ||||
| CVE-2021-38458 | 1 Moxa | 1 Mxview | 2024-09-16 | 9.8 Critical |
| A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries. | ||||
| CVE-2017-14432 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2024-09-16 | 8.8 High |
| An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the openvpnServer0_tmp= parameter in the "/goform/net\_Web\_get_value" uri to trigger this vulnerability. | ||||
| CVE-2017-14435 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2024-09-16 | 7.5 High |
| An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request to "/MOXA\_CFG.ini" without a cookie header to trigger this vulnerability. | ||||
| CVE-2019-6561 | 1 Moxa | 8 Eds-405a, Eds-405a Firmware, Eds-408a and 5 more | 2024-09-16 | 8.8 High |
| Cross-site request forgery has been identified in Moxa IKS and EDS, which may allow for the execution of unauthorized actions on the device. | ||||
| CVE-2016-8717 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2024-09-16 | 9.8 Critical |
| An exploitable Use of Hard-coded Credentials vulnerability exists in the Moxa AWK-3131A Wireless Access Point running firmware 1.1. The device operating system contains an undocumented, privileged (root) account with hard-coded credentials, giving attackers full control of affected devices. | ||||
| CVE-2022-2044 | 1 Moxa | 2 Nport 5110, Nport 5110 Firmware | 2024-09-16 | 8.2 High |
| MOXA NPort 5110: Firmware Versions 2.10 is vulnerable to an out-of-bounds write that may allow an attacker to overwrite values in memory, causing a denial-of-service condition or potentially bricking the device. | ||||
| CVE-2012-4694 | 1 Moxa | 2 Edr-g903, Edr G903 Firmware | 2024-09-16 | N/A |
| Moxa EDR-G903 series routers with firmware before 2.11 do not use a sufficient source of entropy for (1) SSH and (2) SSL keys, which makes it easier for man-in-the-middle attackers to spoof a device or modify a client-server data stream by leveraging knowledge of a key from a product installation elsewhere. | ||||
| CVE-2019-6524 | 1 Moxa | 8 Eds-405a, Eds-405a Firmware, Eds-408a and 5 more | 2024-09-16 | 9.8 Critical |
| Moxa IKS and EDS do not implement sufficient measures to prevent multiple failed authentication attempts, which may allow an attacker to discover passwords via brute force attack. | ||||
| CVE-2017-12126 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2024-09-16 | 8.8 High |
| An exploitable cross-site request forgery vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP packet can cause cross-site request forgery. An attacker can create malicious HTML to trigger this vulnerability. | ||||
| CVE-2017-12120 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2024-09-16 | 8.8 High |
| An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation, resulting in a root shell. An attacker can inject OS commands into the ip= parm in the "/goform/net_WebPingGetValue" URI to trigger this vulnerability. | ||||