VYPR

NPort IAW5000A-I/O

by Moxa

CVEs (7)

  • CVE-2021-32974CriApr 1, 2022
    risk 0.64cvss 9.8epss 0.03

    Improper input validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier may allow a remote attacker to execute commands.

  • CVE-2020-25196CriDec 23, 2020
    risk 0.64cvss 9.8epss 0.01

    The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows SSH/Telnet sessions, which may be vulnerable to brute force attacks to bypass authentication.

  • CVE-2020-25153CriDec 23, 2020
    risk 0.64cvss 9.8epss 0.01

    The built-in web service for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower does not require users to have strong passwords.

  • CVE-2020-25198HigDec 23, 2020
    risk 0.57cvss 8.8epss 0.01

    The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower has incorrectly implemented protections from session fixation, which may allow an attacker to gain access to a session and hijack it by stealing the user’s cookies.

  • CVE-2020-25194HigDec 23, 2020
    risk 0.57cvss 8.8epss 0.01

    The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower has improper privilege management, which may allow an attacker with user privileges to perform requests with administrative privileges.

  • CVE-2020-25190HigDec 23, 2020
    risk 0.49cvss 7.5epss 0.01

    The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower stores and transmits the credentials of third-party services in cleartext.

  • CVE-2020-25192MedDec 23, 2020
    risk 0.35cvss 5.3epss 0.01

    The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows sensitive information to be displayed without proper authorization.