VYPR
Vendor

Moxa

Products
173
CVEs
313
Across products
307
Status
Private

Products

173
View all 173 products →

Recent CVEs

313
View all 313 CVEs →
  • CVE-2017-14459CriApr 11, 2018
    risk 0.69cvss 10.0epss 0.12

    An exploitable OS Command Injection vulnerability exists in the Telnet, SSH, and console login functionality of Moxa AWK-3131A Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client in firmware versions 1.4 to 1.7 (current). An attacker can inject commands via the username…

  • CVE-2016-9361CriFeb 13, 2017
    risk 0.68cvss 9.8epss 0.20

    An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions…

  • CVE-2016-8363CriFeb 13, 2017
    risk 0.65cvss 10.0epss 0.02

    An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2 Series, WAC-2004 Series, AWK-3121-M12-RTG Series, AWK-3131-M12-RCC Series, AWK-5232-M12-RCC Series, TAP-6226 Series,…

  • CVE-2025-6950CriOct 17, 2025
    risk 0.64cvss epss 0.01

    An Use of Hard-coded Credentials vulnerability has been identified in Moxa’s network security appliances and routers. The system employs a hard-coded secret key to sign JSON Web Tokens (JWT) used for authentication. This insecure implementation allows an unauthenticated…

  • CVE-2016-8717CriApr 2, 2018
    risk 0.64cvss 9.8epss 0.02

    An exploitable Use of Hard-coded Credentials vulnerability exists in the Moxa AWK-3131A Wireless Access Point running firmware 1.1. The device operating system contains an undocumented, privileged (root) account with hard-coded credentials, giving attackers full control of…

  • CVE-2018-5455CriMar 5, 2018
    risk 0.64cvss 9.8epss 0.02

    A Reliance on Cookies without Validation and Integrity Checking issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. The application allows a cookie parameter to consist of only digits, allowing an attacker to perform a brute force attack…

  • CVE-2017-12729CriJan 18, 2018
    risk 0.64cvss 9.8epss 0.01

    A SQL Injection issue was discovered in Moxa SoftCMS Live Viewer through 1.6. An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability has been identified. Attackers can exploit this vulnerability to access SoftCMS without knowing the…

  • CVE-2017-13701CriNov 23, 2017
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The backup file contains sensitive information in a insecure way. There is no salt for password hashing. Indeed passwords are stored without being ciphered with a timestamped ciphering method.

  • CVE-2017-7915CriMay 29, 2017
    risk 0.64cvss 9.8epss 0.02

    An Improper Restriction of Excessive Authentication Attempts issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and…

  • CVE-2017-7913CriMay 29, 2017
    risk 0.64cvss 9.8epss 0.01

    A Plaintext Storage of a Password issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell…

  • CVE-2016-9369CriFeb 13, 2017
    risk 0.64cvss 9.8epss 0.07

    An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions…

  • CVE-2016-9366CriFeb 13, 2017
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions…

  • CVE-2016-9333CriFeb 13, 2017
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. The SoftCMS Application does not properly sanitize input that may allow a remote attacker access to SoftCMS with administrator's privilege through specially crafted input (SQL INJECTION).

  • CVE-2016-5799CriAug 24, 2016
    risk 0.64cvss 9.8epss 0.04

    Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and G3251 devices before 1.7 do not properly restrict authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.

  • CVE-2016-5792CriAug 8, 2016
    risk 0.64cvss 9.8epss 0.03

    SQL injection vulnerability in Moxa SoftCMS before 1.5 allows remote attackers to execute arbitrary SQL commands via unspecified fields.

  • CVE-2016-5804CriJul 15, 2016
    risk 0.64cvss 9.8epss 0.01

    Moxa MGate MB3180 before 1.8, MGate MB3280 before 2.7, MGate MB3480 before 2.6, MGate MB3170 before 2.5, and MGate MB3270 before 2.7 use weak encryption, which allows remote attackers to bypass authentication via a brute-force series of guesses for a parameter value.

  • CVE-2016-4503CriJul 12, 2016
    risk 0.64cvss 9.8epss 0.03

    Moxa Device Server Web Console 5232-N allows remote attackers to bypass authentication, and consequently modify settings and data, via vectors related to reading a cookie parameter containing a UserId value.

  • CVE-2024-9137CriOct 14, 2024
    risk 0.61cvss 9.4epss 0.01

    The affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration files and system compromise.

  • CVE-2025-0415CriApr 2, 2025
    risk 0.60cvss epss 0.01

    A remote attacker with web administrator privileges can exploit the device’s web interface to execute arbitrary system commands through the NTP settings. Successful exploitation may result in the device entering an infinite reboot loop, leading to a total or partial denial of…

  • CVE-2024-12297CriJan 15, 2025
    risk 0.60cvss epss 0.01

    Moxa’s Ethernet switch is vulnerable to an authentication bypass because of flaws in its authorization mechanism. Although both client-side and back-end server verification are involved in the process, attackers can exploit weaknesses in its implementation. These…