Filtered by vendor Moxa
Subscriptions
Total
287 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2010-4741 | 1 Moxa | 2 Device Manager, Mdm Tool | 2024-11-21 | N/A |
Stack-based buffer overflow in MDMUtil.dll in MDMTool.exe in MDM Tool before 2.3 in Moxa Device Manager allows remote MDM Gateways to execute arbitrary code via crafted data in a session on TCP port 54321. | ||||
CVE-2024-9139 | 1 Moxa | 8 Edf-g1002-bp Firmware, Edr-8010 Firmware, Edr-810 Firmware and 5 more | 2024-11-06 | 7.2 High |
The affected product permits OS command injection through improperly restricted commands, potentially allowing attackers to execute arbitrary code. | ||||
CVE-2024-4739 | 1 Moxa | 1 Mxsecurity | 2024-10-22 | 5.3 Medium |
The lack of access restriction to a resource from unauthorized users makes MXsecurity software versions v1.1.0 and prior vulnerable. By acquiring a valid authenticator, an attacker can pose as an authorized user and successfully access the resource. | ||||
CVE-2024-4740 | 1 Moxa | 1 Mxsecurity | 2024-10-18 | 5.3 Medium |
MXsecurity software versions v1.1.0 and prior are vulnerable because of the use of hard-coded credentials. This vulnerability could allow an attacker to tamper with sensitive data. | ||||
CVE-2024-6786 | 1 Moxa | 1 Mxview One | 2024-09-30 | 6.5 Medium |
The vulnerability allows an attacker to craft MQTT messages that include relative path traversal sequences, enabling them to read arbitrary files on the system. This could lead to the disclosure of sensitive information, such as configuration files and JWT signing secrets. | ||||
CVE-2024-6787 | 1 Moxa | 1 Mxview One | 2024-09-30 | 5.3 Medium |
This vulnerability occurs when an attacker exploits a race condition between the time a file is checked and the time it is used (TOCTOU). By exploiting this race condition, an attacker can write arbitrary files to the system. This could allow the attacker to execute malicious code and potentially cause file losses. | ||||
CVE-2024-6785 | 1 Moxa | 2 Mxview One, Mxview One Central Manager | 2024-09-27 | 5.5 Medium |
The configuration file stores credentials in cleartext. An attacker with local access rights can read or modify the configuration file, potentially resulting in the service being abused due to sensitive information exposure. |