VYPR

Vendor CVEs

Moxa

All CVEs

313 total · sorted by risk
  • CVE-2017-12129HigMay 14, 2018
    risk 0.52cvss 8.0epss 0.01

    An exploitable Weak Cryptography for Passwords vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. An attacker could intercept weakly encrypted passwords and could brute force them.

  • CVE-2016-9332HigFeb 13, 2017
    risk 0.52cvss 7.5epss 0.08

    An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. Moxa SoftCMS Webserver does not properly validate input. An attacker could provide unexpected values and cause the program to crash or excessive consumption of resources could result in a denial-of-service…

  • CVE-2017-14030HigJan 12, 2018
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered in Moxa MXview v2.8 and prior. The unquoted service path escalation vulnerability could allow an authorized user with file access to escalate privileges by inserting arbitrary code into the unquoted service path.

  • CVE-2016-9356HigFeb 13, 2017
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered in Moxa DACenter Versions 1.4 and older. The application may suffer from an unquoted search path issue.

  • CVE-2025-1977HigDec 31, 2025
    risk 0.50cvss epss 0.00

    The NPort 6100-G2/6200-G2 Series is affected by an execution with unnecessary privileges vulnerability (CVE-2025-1977) that allows an authenticated user with read-only access to perform unauthorized configuration changes through the MCC (Moxa CLI Configuration) tool. The issue…

  • CVE-2016-4514HigJun 19, 2016
    risk 0.50cvss 7.7epss 0.01

    Moxa PT-7728 devices with software 3.4 build 15081113 allow remote authenticated users to change the configuration via vectors involving a local proxy.

  • CVE-2024-9404HigDec 4, 2024
    risk 0.49cvss 7.5epss 0.01

    This vulnerability could lead to denial-of-service or service crashes. Exploitation of the moxa_cmd service, because of insufficient input validation, allows attackers to disrupt operations. If exposed to public networks, the vulnerability poses a significant remote threat,…

  • CVE-2018-10632HigJul 24, 2018
    risk 0.49cvss 7.5epss 0.02

    In Moxa NPort 5210, 5230, and 5232 versions 2.9 build 17030709 and prior, the amount of resources requested by a malicious actor are not restricted, allowing for a denial-of-service condition.

  • CVE-2017-14439HigMay 14, 2018
    risk 0.49cvss 7.5epss 0.02

    Exploitable denial of service vulnerabilities exists in the Service Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted packet can cause a denial of service. An attacker can send a large packet to 4001/tcp to trigger this vulnerability.

  • CVE-2017-14438HigMay 14, 2018
    risk 0.49cvss 7.5epss 0.02

    Exploitable denial of service vulnerabilities exists in the Service Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted packet can cause a denial of service. An attacker can send a large packet to 4000/tcp to trigger this vulnerability.

  • CVE-2017-14437HigMay 14, 2018
    risk 0.49cvss 7.5epss 0.02

    An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request to "/MOXA\_LOG.ini"…

  • CVE-2017-14436HigMay 14, 2018
    risk 0.49cvss 7.5epss 0.02

    An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request to "/MOXA\_CFG2.ini"…

  • CVE-2017-14435HigMay 14, 2018
    risk 0.49cvss 7.5epss 0.02

    An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request to "/MOXA\_CFG.ini"…

  • CVE-2018-7506HigApr 6, 2018
    risk 0.49cvss 7.5epss 0.02

    The private key of the web server in Moxa MXview versions 2.8 and prior is able to be read and accessed via an HTTP GET request, which may allow a remote attacker to decrypt encrypted information.

  • CVE-2018-5453HigMar 5, 2018
    risk 0.49cvss 7.5epss 0.01

    An Improper Handling of Length Parameter Inconsistency issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. An attacker may be able to edit the element of an HTTP request, causing the device to become unavailable.

  • CVE-2017-13699HigNov 23, 2017
    risk 0.49cvss 7.5epss 0.00

    An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The password encryption method can be retrieved from the firmware. This encryption method is based on a chall value that is sent in cleartext as a POST parameter. An attacker could reverse the password…

  • CVE-2017-13698HigNov 23, 2017
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. An attacker could extract public and private keys from the firmware image available on the MOXA website and could use them against a production switch that has the default keys embedded.

  • CVE-2017-13703HigNov 17, 2017
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. A denial of service may occur.

  • CVE-2017-16719HigNov 16, 2017
    risk 0.49cvss 7.5epss 0.02

    An Injection issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150 Version 3.7 and prior. An attacker may be able to inject packets that could potentially…

  • CVE-2017-14028HigNov 16, 2017
    risk 0.49cvss 7.5epss 0.02

    A Resource Exhaustion issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150 Version 3.7 and prior. An attacker may be able to exhaust memory resources by…

  • CVE-2016-8727HigApr 13, 2017
    risk 0.49cvss 7.5epss 0.01

    An exploitable information disclosure vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point. Retrieving a series of URLs without authentication can reveal sensitive configuration and system information to an attacker.

  • CVE-2016-8726HigApr 13, 2017
    risk 0.49cvss 7.5epss 0.01

    An exploitable null pointer dereference vulnerability exists in the Web Application /forms/web_runScript iw_filename functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. An HTTP POST request with a blank line in the header will cause a segmentation fault…

  • CVE-2016-8723HigApr 13, 2017
    risk 0.49cvss 7.5epss 0.01

    An exploitable null pointer dereference exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Any HTTP GET request not preceded by an '/' will cause a segmentation fault in the web server. An attacker can send any of a…

  • CVE-2016-8716HigApr 12, 2017
    risk 0.49cvss 7.5epss 0.01

    An exploitable Cleartext Transmission of Password vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. The Change Password functionality of the Web Application transmits the password in cleartext. An attacker…

  • CVE-2016-9367HigFeb 13, 2017
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions…

  • CVE-2016-9344HigFeb 13, 2017
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. An attacker may be able to brute force an active session cookie to be able to download configuration files.

  • CVE-2016-8346HigFeb 13, 2017
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in Moxa EDR-810 Industrial Secure Router. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access configuration and log files (PRIVILEGE ESCALATION).

  • CVE-2016-2295HigMay 31, 2016
    risk 0.49cvss 7.5epss 0.02

    Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and MiiNePort E3 devices…

  • CVE-2016-2286HigMay 31, 2016
    risk 0.49cvss 7.5epss 0.01

    Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and MiiNePort E3 devices…

  • CVE-2016-0879HigMay 31, 2016
    risk 0.49cvss 7.5epss 0.02

    Moxa Secure Router EDR-G903 devices before 3.4.12 do not delete copies of configuration and log files after completing the import function, which allows remote attackers to obtain sensitive information by requesting these files at an unspecified URL.

  • CVE-2016-0878HigMay 31, 2016
    risk 0.49cvss 7.5epss 0.02

    Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to cause a denial of service (cold start) by sending two crafted ping requests.

  • CVE-2016-0877HigMay 31, 2016
    risk 0.49cvss 7.5epss 0.02

    Memory leak on Moxa Secure Router EDR-G903 devices before 3.4.12 allows remote attackers to cause a denial of service (memory consumption) by executing the ping function.

  • CVE-2016-0876HigMay 31, 2016
    risk 0.49cvss 7.5epss 0.01

    Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to discover cleartext passwords by reading a configuration file.

  • CVE-2016-0875HigMay 31, 2016
    risk 0.49cvss 7.5epss 0.02

    Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to read configuration and log files via a crafted URL.

  • CVE-2016-9363HigFeb 13, 2017
    risk 0.48cvss 7.3epss 0.02

    An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions…

  • CVE-2025-5191HigAug 25, 2025
    risk 0.47cvss epss 0.00

    An Unquoted Search Path vulnerability has been identified in the utility for Moxa’s industrial computers (Windows). Due to the unquoted path configuration in the SerialInterfaceService.exe utility, a local attacker with limited privileges could place a malicious executable in…

  • CVE-2017-5170HigJan 18, 2018
    risk 0.47cvss 7.2epss 0.01

    An Uncontrolled Search Path Element issue was discovered in Moxa SoftNVR-IA Live Viewer, Version 3.30.3122 and prior versions. An uncontrolled search path element (DLL Hijacking) vulnerability has been identified. To exploit this vulnerability, an attacker could rename a…

  • CVE-2026-10825HigJun 16, 2026
    risk 0.46cvss epss 0.00

    A denial-of-service vulnerability exists in the WebSocket API due to insufficient validation and handling of JSON-based requests. A low-privileged authenticated attacker can send a specially crafted request that causes service disruption and may result in an unexpected device…

  • CVE-2025-2026HigDec 31, 2025
    risk 0.46cvss epss 0.00

    The NPort 6100-G2/6200-G2 Series is affected by a high-severity vulnerability (CVE-2025-2026) that allows remote attackers to execute a null byte injection through the device’s web API. This may lead to an unexpected device reboot and result in a denial-of-service (DoS)…

  • CVE-2025-15017HigDec 31, 2025
    risk 0.46cvss epss 0.00

    A vulnerability exists in serial device servers where active debug code remains enabled in the UART interface. An attacker with physical access to the device can directly connect to the UART interface and, without authentication, user interaction, or execution conditions, gain…

  • CVE-2026-10831MedJun 16, 2026
    risk 0.45cvss epss 0.00

    A denial-of-service vulnerability exists in NPort devices because of improper access control on the command port. The command interface does not properly validate whether a sender is associated with a valid data port session before accepting break signal commands. A remote…

  • CVE-2026-10828MedJun 16, 2026
    risk 0.45cvss epss 0.00

    A format string vulnerability has been found in the "alias" parameter of the Serial Param configuration page in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and prior. This vulnerability stems from insufficient input validation and improper handling of externally supplied…

  • CVE-2026-9266HigJun 12, 2026
    risk 0.45cvss epss 0.00

    A Missing Required Cryptographic Step vulnerability has been identified in Moxa's embedded Linux firmware for industrial computers and controllers. This vulnerability represents an incomplete remediation of CVE-2026-0714. The firmware introduced TPM2 parameter encryption as a…

  • CVE-2017-12124MedMay 14, 2018
    risk 0.42cvss 6.5epss 0.02

    An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in the web server crashing. An attacker can send a crafted URI to trigger this…

  • CVE-2018-5449MedMar 5, 2018
    risk 0.42cvss 6.5epss 0.00

    A NULL Pointer Dereference issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. The application does not check for a NULL value, allowing for an attacker to perform a denial of service attack.

  • CVE-2016-8362MedFeb 13, 2017
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2 Series, WAC-2004 Series, AWK-3121-M12-RTG Series, AWK-3131-M12-RCC Series, AWK-5232-M12-RCC Series, TAP-6226 Series,…

  • CVE-2025-9315MedDec 10, 2025
    risk 0.41cvss epss 0.00

    An unauthenticated device registration vulnerability, caused by Improperly Controlled Modification of Dynamically-Determined Object Attributes, has been identified in the MXsecurity Series. An unauthenticated remote attacker can exploit this vulnerability by sending a specially…

  • CVE-2016-8350MedFeb 13, 2017
    risk 0.41cvss 6.3epss 0.01

    An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 and prior, ioLogik E1211, firmware Version V2.3 and prior, ioLogik E1212, firmware Version V2.4 and prior, ioLogik E1213, firmware Version V2.5 and prior, ioLogik E1214, firmware Version V2.4 and prior, ioLogik…

  • CVE-2016-8719MedApr 12, 2017
    risk 0.40cvss 6.1epss 0.01

    An exploitable reflected Cross-Site Scripting vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Specially crafted input, in multiple parameters, can cause a malicious scripts to be executed by a victim.

  • CVE-2016-9371MedFeb 13, 2017
    risk 0.40cvss 6.1epss 0.01

    An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions…

Page 2 of 7