Search Results (311 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-32970 1 Moxa 8 Nport Iaw5150a-12i\/o, Nport Iaw5150a-12i\/o Firmware, Nport Iaw5150a-6i\/o and 5 more 2025-04-16 7.5 High
Data can be copied without validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier, which may allow a remote attacker to cause denial-of-service conditions.
CVE-2021-32974 1 Moxa 8 Nport Iaw5150a-12i\/o, Nport Iaw5150a-12i\/o Firmware, Nport Iaw5150a-6i\/o and 5 more 2025-04-16 9.8 Critical
Improper input validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier may allow a remote attacker to execute commands.
CVE-2021-32976 1 Moxa 8 Nport Iaw5150a-12i\/o, Nport Iaw5150a-12i\/o Firmware, Nport Iaw5150a-6i\/o and 5 more 2025-04-16 9.8 Critical
Five buffer overflows in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier may allow a remote attacker to initiate a denial-of-service attack and execute arbitrary code.
CVE-2022-2044 1 Moxa 2 Nport 5110, Nport 5110 Firmware 2025-04-16 8.2 High
MOXA NPort 5110: Firmware Versions 2.10 is vulnerable to an out-of-bounds write that may allow an attacker to overwrite values in memory, causing a denial-of-service condition or potentially bricking the device.
CVE-2022-2043 1 Moxa 2 Nport 5110, Nport 5110 Firmware 2025-04-16 7.5 High
MOXA NPort 5110: Firmware Versions 2.10 is vulnerable to an out-of-bounds write that can cause the device to become unresponsive.
CVE-2021-40390 1 Moxa 1 Mxview 2025-04-15 9.8 Critical
An authentication bypass vulnerability exists in the Web Application functionality of Moxa MXView Series 3.2.4. A specially-crafted HTTP request can lead to unauthorized access. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2021-40392 1 Moxa 1 Mxview 2025-04-15 7.5 High
An information disclosure vulnerability exists in the Web Application functionality of Moxa MXView Series 3.2.4. Network sniffing can lead to a disclosure of sensitive information. An attacker can sniff network traffic to exploit this vulnerability.
CVE-2016-0876 1 Moxa 2 Edr-g903, Edr-g903 Firmware 2025-04-12 7.5 High
Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to discover cleartext passwords by reading a configuration file.
CVE-2015-6481 1 Moxa 1 Oncell Central Manager 2025-04-12 N/A
The login function in the RequestController class in Moxa OnCell Central Manager before 2.2 has a hardcoded root password, which allows remote attackers to obtain administrative access via a login session.
CVE-2016-5792 1 Moxa 1 Softcms 2025-04-12 N/A
SQL injection vulnerability in Moxa SoftCMS before 1.5 allows remote attackers to execute arbitrary SQL commands via unspecified fields.
CVE-2016-2282 1 Moxa 16 Ioadmin Firmware, Iologik E2210, Iologik E2210-t and 13 more 2025-04-12 N/A
Moxa ioLogik E2200 devices before 3.12 and ioAdmin Configuration Utility before 3.18 do not properly encrypt credentials, which makes it easier for remote attackers to obtain the associated cleartext via unspecified vectors.
CVE-2015-1000 1 Moxa 1 Softcms 2025-04-12 N/A
Stack-based buffer overflow in the OpenForIPCamTest method in the RTSPVIDEO.rtspvideoCtrl.1 (aka SStreamVideo) ActiveX control in Moxa SoftCMS before 1.3 allows remote attackers to execute arbitrary code via the StrRtspPath parameter.
CVE-2015-6480 1 Moxa 1 Oncell Central Manager 2025-04-12 N/A
The MessageBrokerServlet servlet in Moxa OnCell Central Manager before 2.2 does not require authentication, which allows remote attackers to obtain administrative access via a command, as demonstrated by the addUserAndGroup action.
CVE-2016-4514 1 Moxa 2 Pt-7728, Pt-7728 Firmware 2025-04-12 7.7 High
Moxa PT-7728 devices with software 3.4 build 15081113 allow remote authenticated users to change the configuration via vectors involving a local proxy.
CVE-2016-4503 1 Moxa 2 Device Server Web Console 5232-n, Device Server Web Console 5232-n Firmware 2025-04-12 9.8 Critical
Moxa Device Server Web Console 5232-N allows remote attackers to bypass authentication, and consequently modify settings and data, via vectors related to reading a cookie parameter containing a UserId value.
CVE-2016-4500 1 Moxa 2 Uc-7408 Lx-plus, Uc-7408 Lx-plus Firmware 2025-04-12 N/A
Moxa UC-7408 LX-Plus devices allow remote authenticated users to write to the firmware, and consequently render a device unusable, by leveraging root access.
CVE-2016-0875 1 Moxa 2 Edr-g903, Edr-g903 Firmware 2025-04-12 7.5 High
Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to read configuration and log files via a crafted URL.
CVE-2015-6466 1 Moxa 4 Eds-405a, Eds-405a Firmware, Eds-408a and 1 more 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Diagnosis Ping feature in the administrative web interface on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote attackers to inject arbitrary web script or HTML via an unspecified field.
CVE-2015-6465 1 Moxa 4 Eds-405a, Eds-405a Firmware, Eds-408a and 1 more 2025-04-12 N/A
The GoAhead web server on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote authenticated users to cause a denial of service (reboot) via a crafted URL.
CVE-2015-6464 1 Moxa 4 Eds-405a, Eds-405a Firmware, Eds-408a and 1 more 2025-04-12 N/A
The administrative web interface on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote authenticated users to bypass a read-only protection mechanism by using Firefox with a web-developer plugin.