Vendor CVEs
Moxa
All CVEs
313 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-8359 | Med | 0.40 | 6.1 | 0.01 | Feb 13, 2017 | An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 and prior, ioLogik E1211, firmware Version V2.3 and prior, ioLogik E1212, firmware Version V2.4 and prior, ioLogik E1213, firmware Version V2.5 and prior, ioLogik E1214, firmware Version V2.4 and prior, ioLogik… | ||
| CVE-2026-3867 | Med | 0.39 | — | 0.00 | Apr 27, 2026 | An improper ownership management vulnerability has been identified in Moxa’s Secure Router. Because of improper ownership management, a low-privileged authenticated user may access a configuration file containing the hashed password of the administrative account. Successful… | ||
| CVE-2016-4500 | Med | 0.38 | 5.8 | 0.01 | Jun 1, 2016 | Moxa UC-7408 LX-Plus devices allow remote authenticated users to write to the firmware, and consequently render a device unusable, by leveraging root access. | ||
| CVE-2017-7457 | Med | 0.36 | 5.0 | 0.02 | Apr 14, 2017 | XML External Entity via ".AOP" files used by Moxa MX-AOPC Server 1.5 result in remote file disclosure. | ||
| CVE-2016-9354 | Med | 0.36 | 5.5 | 0.01 | Feb 13, 2017 | An issue was discovered in Moxa DACenter Versions 1.4 and older. A specially crafted project file may cause the program to crash because of Uncontrolled Resource Consumption. | ||
| CVE-2017-13702 | Med | 0.35 | 5.3 | 0.01 | Nov 17, 2017 | An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. Cookies can be stolen, manipulated, and reused. | ||
| CVE-2016-8725 | Med | 0.35 | 5.3 | 0.01 | Apr 13, 2017 | An exploitable information disclosure vulnerability exists in the Web Application functionality of the Moxa AWK-3131A wireless access point running firmware 1.1. Retrieving a specific URL without authentication can reveal sensitive information to an attacker. | ||
| CVE-2016-8724 | Med | 0.35 | 5.3 | 0.09 | Apr 13, 2017 | An exploitable information disclosure vulnerability exists in the serviceAgent functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted TCP query will allow an attacker to retrieve potentially sensitive information. | ||
| CVE-2016-8722 | Med | 0.35 | 5.3 | 0.01 | Apr 13, 2017 | An exploitable Information Disclosure vulnerability exists in the Web Application functionality of Moxa AWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client. Retrieving a specific URL without authentication can reveal sensitive information to an attacker. | ||
| CVE-2016-9346 | Med | 0.35 | 5.3 | 0.01 | Feb 13, 2017 | An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. Configuration data are stored in a file that is not encrypted. | ||
| CVE-2016-2283 | Med | 0.35 | 5.3 | 0.01 | Mar 4, 2016 | Moxa ioLogik E2200 devices before 3.12 and ioAdmin Configuration Utility before 3.18 do not properly encrypt data, which makes it easier for remote attackers to obtain the associated cleartext via unspecified vectors. | ||
| CVE-2016-2282 | Med | 0.35 | 5.3 | 0.02 | Mar 4, 2016 | Moxa ioLogik E2200 devices before 3.12 and ioAdmin Configuration Utility before 3.18 do not properly encrypt credentials, which makes it easier for remote attackers to obtain the associated cleartext via unspecified vectors. | ||
| CVE-2025-6894 | Med | 0.34 | — | 0.01 | Oct 17, 2025 | An Execution with Unnecessary Privileges vulnerability has been identified in Moxa’s network security appliances and routers. A flaw in the API authorization logic of the affected device allows an authenticated, low-privileged user to execute the administrative `ping`… | ||
| CVE-2025-0193 | Med | 0.34 | — | 0.00 | Jan 15, 2025 | A stored Cross-site Scripting (XSS) vulnerability exists in the MGate 5121/5122/5123 Series firmware version v1.0 because of insufficient sanitization and encoding of user input in the "Login Message" functionality. An authenticated attacker with administrative access can… | ||
| CVE-2025-1679 | Med | 0.31 | — | 0.00 | Oct 23, 2025 | Cross-site Scripting has been identified in Moxa’s Ethernet switches, which allows an authenticated administrative attacker to inject malicious scripts to an affected device’s web service that could impact authenticated users interacting with the device’s web interface.… | ||
| CVE-2017-13700 | Med | 0.31 | 4.8 | 0.01 | Nov 17, 2017 | An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. There is XSS in the administration interface. | ||
| CVE-2017-12127 | Med | 0.29 | 4.4 | 0.00 | May 14, 2018 | A password storage vulnerability exists in the operating system functionality of Moxa EDR-810 V4.1 build 17030317. An attacker with shell access could extract passwords in clear text from the device. | ||
| CVE-2016-8720 | Med | 0.28 | 4.3 | 0.01 | Apr 13, 2017 | An exploitable HTTP Header Injection vulnerability exists in the Web Application functionality of the Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted HTTP request can inject a payload in the bkpath parameter which will be copied in to Location… | ||
| CVE-2016-9348 | Low | 0.21 | 3.3 | 0.00 | Feb 13, 2017 | An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions… | ||
| CVE-2016-5812 | Low | 0.21 | 3.3 | 0.00 | Aug 24, 2016 | Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and G3251 devices before 1.7 use cleartext password storage, which makes it easier for local users to obtain sensitive information by reading a configuration file. | ||
| CVE-2010-4742 | 0.08 | — | 0.56 | Feb 18, 2011 | Stack-based buffer overflow in a certain ActiveX control in MediaDBPlayback.DLL 2.2.0.5 in the Moxa ActiveX SDK allows remote attackers to execute arbitrary code via a long PlayFileName property value. | |||
| CVE-2010-4741 | 0.05 | — | 0.28 | Feb 18, 2011 | Stack-based buffer overflow in MDMUtil.dll in MDMTool.exe in MDM Tool before 2.3 in Moxa Device Manager allows remote MDM Gateways to execute arbitrary code via crafted data in a session on TCP port 54321. | |||
| CVE-2019-10963 | 0.03 | — | 0.06 | Oct 8, 2019 | Moxa EDR 810, all versions 5.1 and prior, allows an unauthenticated attacker to be able to retrieve some log files from the device, which may allow sensitive information disclosure. Log files must have previously been exported by a legitimate user. | |||
| CVE-2019-10969 | 0.03 | — | 0.09 | Oct 8, 2019 | Moxa EDR 810, all versions 5.1 and prior, allows an authenticated attacker to abuse the ping feature to execute unauthorized commands on the router, which may allow an attacker to perform remote code execution. | |||
| CVE-2019-9099 | 0.01 | — | 0.04 | Mar 11, 2020 | An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. A Buffer overflow in the built-in web server allows remote attackers to initiate DoS, and probably to… | |||
| CVE-2020-8858 | 0.01 | — | 0.07 | Feb 13, 2020 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Moxa MGate 5105-MB-EIP firmware version 4.1. Authentication is required to exploit this vulnerability. The specific flaw exists within the DestIP parameter within MainPing.asp. The… | |||
| CVE-2019-6557 | 0.01 | — | 0.05 | Mar 5, 2019 | Several buffer overflow vulnerabilities have been identified in Moxa IKS and EDS, which may allow remote code execution. | |||
| CVE-2026-0715 | 0.00 | — | 0.00 | Feb 5, 2026 | Moxa Arm-based industrial computers running Moxa Industrial Linux Secure use a device-unique bootloader password provided on the device. An attacker with physical access to the device could use this information to access the bootloader menu via a serial interface. Access to… | |||
| CVE-2026-0714 | 0.00 | — | 0.00 | Feb 5, 2026 | A physical attack vulnerability exists in certain Moxa industrial computers using TPM-backed LUKS full-disk encryption on Moxa Industrial Linux 3, where the discrete TPM is connected to the CPU via an SPI bus. Exploitation requires invasive physical access, including opening… | |||
| CVE-2025-1680 | Non | 0.00 | — | 0.00 | Oct 23, 2025 | An acceptance of extraneous untrusted data with trusted data vulnerability has been identified in Moxa’s Ethernet switches, which allows attackers with administrative privileges to manipulate HTTP Host headers by injecting a specially crafted Host header into HTTP requests… | ||
| CVE-2024-4740 | 0.00 | — | 0.00 | Oct 18, 2024 | MXsecurity software versions v1.1.0 and prior are vulnerable because of the use of hard-coded credentials. This vulnerability could allow an attacker to tamper with sensitive data. | |||
| CVE-2024-4739 | 0.00 | — | 0.00 | Oct 18, 2024 | The lack of access restriction to a resource from unauthorized users makes MXsecurity software versions v1.1.0 and prior vulnerable. By acquiring a valid authenticator, an attacker can pose as an authorized user and successfully access the resource. | |||
| CVE-2024-6787 | 0.00 | — | 0.00 | Sep 21, 2024 | This vulnerability occurs when an attacker exploits a race condition between the time a file is checked and the time it is used (TOCTOU). By exploiting this race condition, an attacker can write arbitrary files to the system. This could allow the attacker to execute malicious… | |||
| CVE-2024-6786 | 0.00 | — | 0.01 | Sep 21, 2024 | The vulnerability allows an attacker to craft MQTT messages that include relative path traversal sequences, enabling them to read arbitrary files on the system. This could lead to the disclosure of sensitive information, such as configuration files and JWT signing secrets. | |||
| CVE-2024-6785 | 0.00 | — | 0.00 | Sep 21, 2024 | The configuration file stores credentials in cleartext. An attacker with local access rights can read or modify the configuration file, potentially resulting in the service being abused due to sensitive information exposure. | |||
| CVE-2024-4641 | 0.00 | — | 0.00 | Jun 25, 2024 | OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to accepting a format string from an external source as an argument. An attacker could modify an externally controlled format string to cause a memory leak and denial of service. | |||
| CVE-2024-4640 | 0.00 | — | 0.00 | Jun 25, 2024 | OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to missing bounds checking on buffer operations. An attacker could write past the boundaries of allocated buffer regions in memory, causing a program crash. | |||
| CVE-2024-4639 | 0.00 | — | 0.00 | Jun 25, 2024 | OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in IPSec configuration. An attacker could modify the intended commands sent to target functions, which could cause malicious users to execute… | |||
| CVE-2024-4638 | 0.00 | — | 0.00 | Jun 25, 2024 | OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in the web key upload function. An attacker could modify the intended commands sent to target functions, which could cause malicious users to… | |||
| CVE-2024-1220 | 0.00 | — | 0.01 | Mar 6, 2024 | A stack-based buffer overflow in the built-in web server in Moxa NPort W2150A/W2250A Series firmware version 2.3 and prior allows a remote attacker to exploit the vulnerability by sending crafted payload to the web service. Successful exploitation of the vulnerability could… | |||
| CVE-2024-0387 | 0.00 | — | 0.01 | Feb 26, 2024 | The EDS-4000/G4000 Series prior to version 3.2 includes IP forwarding capabilities that users cannot deactivate. An attacker may be able to send requests to the product and have it forwarded to the target. An attacker can bypass access controls or hide the source of malicious… | |||
| CVE-2023-6094 | 0.00 | — | 0.00 | Dec 31, 2023 | A vulnerability has been identified in OnCell G3150A-LTE Series firmware versions v1.3 and prior. The vulnerability results from lack of protection for sensitive information during transmission. An attacker eavesdropping on the traffic between the web browser and server may… | |||
| CVE-2023-6093 | 0.00 | — | 0.00 | Dec 31, 2023 | A clickjacking vulnerability has been identified in OnCell G3150A-LTE Series firmware versions v1.3 and prior. This vulnerability is caused by incorrectly restricts frame objects, which can lead to user confusion about which interface the user is interacting with. This… | |||
| CVE-2023-5962 | 0.00 | — | 0.00 | Dec 23, 2023 | A weak cryptographic algorithm vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. This vulnerability can help an attacker compromise the confidentiality of sensitive data. This vulnerability may lead an attacker to get unexpected… | |||
| CVE-2023-5961 | 0.00 | — | 0.00 | Dec 23, 2023 | A Cross-Site Request Forgery (CSRF) vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. An attacker can exploit this vulnerability to trick a client into making an unintentional request to the web server, which will be treated as an… | |||
| CVE-2023-5035 | 0.00 | — | 0.00 | Nov 2, 2023 | A vulnerability has been identified in PT-G503 Series firmware versions prior to v5.2, where the Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the cookie to be transmitted in plaintext over an HTTP session. The vulnerability may lead to… | |||
| CVE-2023-4217 | 0.00 | — | 0.00 | Nov 2, 2023 | A vulnerability has been identified in PT-G503 Series versions prior to v5.2, where the session cookies attribute is not set properly in the affected application. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and… | |||
| CVE-2023-5627 | 0.00 | — | 0.00 | Nov 1, 2023 | A vulnerability has been identified in NPort 6000 Series, making the authentication mechanism vulnerable. This vulnerability arises from the incorrect implementation of sensitive information protection, potentially allowing malicious users to gain unauthorized access to the web… | |||
| CVE-2023-4452 | 0.00 | — | 0.00 | Nov 1, 2023 | A vulnerability has been identified in the EDR-810, EDR-G902, and EDR-G903 Series, making them vulnerable to the denial-of-service vulnerability. This vulnerability stems from insufficient input validation in the URI, potentially enabling malicious users to trigger the device… | |||
| CVE-2023-4929 | 0.00 | — | 0.00 | Oct 3, 2023 | All firmware versions of the NPort 5000 Series are affected by an improper validation of integrity check vulnerability. This vulnerability results from insufficient checks on firmware updates or upgrades, potentially allowing malicious users to manipulate the firmware and gain… |
- risk 0.40cvss 6.1epss 0.01
An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 and prior, ioLogik E1211, firmware Version V2.3 and prior, ioLogik E1212, firmware Version V2.4 and prior, ioLogik E1213, firmware Version V2.5 and prior, ioLogik E1214, firmware Version V2.4 and prior, ioLogik…
- risk 0.39cvss —epss 0.00
An improper ownership management vulnerability has been identified in Moxa’s Secure Router. Because of improper ownership management, a low-privileged authenticated user may access a configuration file containing the hashed password of the administrative account. Successful…
- risk 0.38cvss 5.8epss 0.01
Moxa UC-7408 LX-Plus devices allow remote authenticated users to write to the firmware, and consequently render a device unusable, by leveraging root access.
- risk 0.36cvss 5.0epss 0.02
XML External Entity via ".AOP" files used by Moxa MX-AOPC Server 1.5 result in remote file disclosure.
- risk 0.36cvss 5.5epss 0.01
An issue was discovered in Moxa DACenter Versions 1.4 and older. A specially crafted project file may cause the program to crash because of Uncontrolled Resource Consumption.
- risk 0.35cvss 5.3epss 0.01
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. Cookies can be stolen, manipulated, and reused.
- risk 0.35cvss 5.3epss 0.01
An exploitable information disclosure vulnerability exists in the Web Application functionality of the Moxa AWK-3131A wireless access point running firmware 1.1. Retrieving a specific URL without authentication can reveal sensitive information to an attacker.
- risk 0.35cvss 5.3epss 0.09
An exploitable information disclosure vulnerability exists in the serviceAgent functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted TCP query will allow an attacker to retrieve potentially sensitive information.
- risk 0.35cvss 5.3epss 0.01
An exploitable Information Disclosure vulnerability exists in the Web Application functionality of Moxa AWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client. Retrieving a specific URL without authentication can reveal sensitive information to an attacker.
- risk 0.35cvss 5.3epss 0.01
An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. Configuration data are stored in a file that is not encrypted.
- risk 0.35cvss 5.3epss 0.01
Moxa ioLogik E2200 devices before 3.12 and ioAdmin Configuration Utility before 3.18 do not properly encrypt data, which makes it easier for remote attackers to obtain the associated cleartext via unspecified vectors.
- risk 0.35cvss 5.3epss 0.02
Moxa ioLogik E2200 devices before 3.12 and ioAdmin Configuration Utility before 3.18 do not properly encrypt credentials, which makes it easier for remote attackers to obtain the associated cleartext via unspecified vectors.
- risk 0.34cvss —epss 0.01
An Execution with Unnecessary Privileges vulnerability has been identified in Moxa’s network security appliances and routers. A flaw in the API authorization logic of the affected device allows an authenticated, low-privileged user to execute the administrative `ping`…
- risk 0.34cvss —epss 0.00
A stored Cross-site Scripting (XSS) vulnerability exists in the MGate 5121/5122/5123 Series firmware version v1.0 because of insufficient sanitization and encoding of user input in the "Login Message" functionality. An authenticated attacker with administrative access can…
- risk 0.31cvss —epss 0.00
Cross-site Scripting has been identified in Moxa’s Ethernet switches, which allows an authenticated administrative attacker to inject malicious scripts to an affected device’s web service that could impact authenticated users interacting with the device’s web interface.…
- risk 0.31cvss 4.8epss 0.01
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. There is XSS in the administration interface.
- risk 0.29cvss 4.4epss 0.00
A password storage vulnerability exists in the operating system functionality of Moxa EDR-810 V4.1 build 17030317. An attacker with shell access could extract passwords in clear text from the device.
- risk 0.28cvss 4.3epss 0.01
An exploitable HTTP Header Injection vulnerability exists in the Web Application functionality of the Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted HTTP request can inject a payload in the bkpath parameter which will be copied in to Location…
- risk 0.21cvss 3.3epss 0.00
An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions…
- risk 0.21cvss 3.3epss 0.00
Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and G3251 devices before 1.7 use cleartext password storage, which makes it easier for local users to obtain sensitive information by reading a configuration file.
- CVE-2010-4742Feb 18, 2011risk 0.08cvss —epss 0.56
Stack-based buffer overflow in a certain ActiveX control in MediaDBPlayback.DLL 2.2.0.5 in the Moxa ActiveX SDK allows remote attackers to execute arbitrary code via a long PlayFileName property value.
- CVE-2010-4741Feb 18, 2011risk 0.05cvss —epss 0.28
Stack-based buffer overflow in MDMUtil.dll in MDMTool.exe in MDM Tool before 2.3 in Moxa Device Manager allows remote MDM Gateways to execute arbitrary code via crafted data in a session on TCP port 54321.
- CVE-2019-10963Oct 8, 2019risk 0.03cvss —epss 0.06
Moxa EDR 810, all versions 5.1 and prior, allows an unauthenticated attacker to be able to retrieve some log files from the device, which may allow sensitive information disclosure. Log files must have previously been exported by a legitimate user.
- CVE-2019-10969Oct 8, 2019risk 0.03cvss —epss 0.09
Moxa EDR 810, all versions 5.1 and prior, allows an authenticated attacker to abuse the ping feature to execute unauthorized commands on the router, which may allow an attacker to perform remote code execution.
- CVE-2019-9099Mar 11, 2020risk 0.01cvss —epss 0.04
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. A Buffer overflow in the built-in web server allows remote attackers to initiate DoS, and probably to…
- CVE-2020-8858Feb 13, 2020risk 0.01cvss —epss 0.07
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Moxa MGate 5105-MB-EIP firmware version 4.1. Authentication is required to exploit this vulnerability. The specific flaw exists within the DestIP parameter within MainPing.asp. The…
- CVE-2019-6557Mar 5, 2019risk 0.01cvss —epss 0.05
Several buffer overflow vulnerabilities have been identified in Moxa IKS and EDS, which may allow remote code execution.
- CVE-2026-0715Feb 5, 2026risk 0.00cvss —epss 0.00
Moxa Arm-based industrial computers running Moxa Industrial Linux Secure use a device-unique bootloader password provided on the device. An attacker with physical access to the device could use this information to access the bootloader menu via a serial interface. Access to…
- CVE-2026-0714Feb 5, 2026risk 0.00cvss —epss 0.00
A physical attack vulnerability exists in certain Moxa industrial computers using TPM-backed LUKS full-disk encryption on Moxa Industrial Linux 3, where the discrete TPM is connected to the CPU via an SPI bus. Exploitation requires invasive physical access, including opening…
- risk 0.00cvss —epss 0.00
An acceptance of extraneous untrusted data with trusted data vulnerability has been identified in Moxa’s Ethernet switches, which allows attackers with administrative privileges to manipulate HTTP Host headers by injecting a specially crafted Host header into HTTP requests…
- CVE-2024-4740Oct 18, 2024risk 0.00cvss —epss 0.00
MXsecurity software versions v1.1.0 and prior are vulnerable because of the use of hard-coded credentials. This vulnerability could allow an attacker to tamper with sensitive data.
- CVE-2024-4739Oct 18, 2024risk 0.00cvss —epss 0.00
The lack of access restriction to a resource from unauthorized users makes MXsecurity software versions v1.1.0 and prior vulnerable. By acquiring a valid authenticator, an attacker can pose as an authorized user and successfully access the resource.
- CVE-2024-6787Sep 21, 2024risk 0.00cvss —epss 0.00
This vulnerability occurs when an attacker exploits a race condition between the time a file is checked and the time it is used (TOCTOU). By exploiting this race condition, an attacker can write arbitrary files to the system. This could allow the attacker to execute malicious…
- CVE-2024-6786Sep 21, 2024risk 0.00cvss —epss 0.01
The vulnerability allows an attacker to craft MQTT messages that include relative path traversal sequences, enabling them to read arbitrary files on the system. This could lead to the disclosure of sensitive information, such as configuration files and JWT signing secrets.
- CVE-2024-6785Sep 21, 2024risk 0.00cvss —epss 0.00
The configuration file stores credentials in cleartext. An attacker with local access rights can read or modify the configuration file, potentially resulting in the service being abused due to sensitive information exposure.
- CVE-2024-4641Jun 25, 2024risk 0.00cvss —epss 0.00
OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to accepting a format string from an external source as an argument. An attacker could modify an externally controlled format string to cause a memory leak and denial of service.
- CVE-2024-4640Jun 25, 2024risk 0.00cvss —epss 0.00
OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to missing bounds checking on buffer operations. An attacker could write past the boundaries of allocated buffer regions in memory, causing a program crash.
- CVE-2024-4639Jun 25, 2024risk 0.00cvss —epss 0.00
OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in IPSec configuration. An attacker could modify the intended commands sent to target functions, which could cause malicious users to execute…
- CVE-2024-4638Jun 25, 2024risk 0.00cvss —epss 0.00
OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in the web key upload function. An attacker could modify the intended commands sent to target functions, which could cause malicious users to…
- CVE-2024-1220Mar 6, 2024risk 0.00cvss —epss 0.01
A stack-based buffer overflow in the built-in web server in Moxa NPort W2150A/W2250A Series firmware version 2.3 and prior allows a remote attacker to exploit the vulnerability by sending crafted payload to the web service. Successful exploitation of the vulnerability could…
- CVE-2024-0387Feb 26, 2024risk 0.00cvss —epss 0.01
The EDS-4000/G4000 Series prior to version 3.2 includes IP forwarding capabilities that users cannot deactivate. An attacker may be able to send requests to the product and have it forwarded to the target. An attacker can bypass access controls or hide the source of malicious…
- CVE-2023-6094Dec 31, 2023risk 0.00cvss —epss 0.00
A vulnerability has been identified in OnCell G3150A-LTE Series firmware versions v1.3 and prior. The vulnerability results from lack of protection for sensitive information during transmission. An attacker eavesdropping on the traffic between the web browser and server may…
- CVE-2023-6093Dec 31, 2023risk 0.00cvss —epss 0.00
A clickjacking vulnerability has been identified in OnCell G3150A-LTE Series firmware versions v1.3 and prior. This vulnerability is caused by incorrectly restricts frame objects, which can lead to user confusion about which interface the user is interacting with. This…
- CVE-2023-5962Dec 23, 2023risk 0.00cvss —epss 0.00
A weak cryptographic algorithm vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. This vulnerability can help an attacker compromise the confidentiality of sensitive data. This vulnerability may lead an attacker to get unexpected…
- CVE-2023-5961Dec 23, 2023risk 0.00cvss —epss 0.00
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. An attacker can exploit this vulnerability to trick a client into making an unintentional request to the web server, which will be treated as an…
- CVE-2023-5035Nov 2, 2023risk 0.00cvss —epss 0.00
A vulnerability has been identified in PT-G503 Series firmware versions prior to v5.2, where the Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the cookie to be transmitted in plaintext over an HTTP session. The vulnerability may lead to…
- CVE-2023-4217Nov 2, 2023risk 0.00cvss —epss 0.00
A vulnerability has been identified in PT-G503 Series versions prior to v5.2, where the session cookies attribute is not set properly in the affected application. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and…
- CVE-2023-5627Nov 1, 2023risk 0.00cvss —epss 0.00
A vulnerability has been identified in NPort 6000 Series, making the authentication mechanism vulnerable. This vulnerability arises from the incorrect implementation of sensitive information protection, potentially allowing malicious users to gain unauthorized access to the web…
- CVE-2023-4452Nov 1, 2023risk 0.00cvss —epss 0.00
A vulnerability has been identified in the EDR-810, EDR-G902, and EDR-G903 Series, making them vulnerable to the denial-of-service vulnerability. This vulnerability stems from insufficient input validation in the URI, potentially enabling malicious users to trigger the device…
- CVE-2023-4929Oct 3, 2023risk 0.00cvss —epss 0.00
All firmware versions of the NPort 5000 Series are affected by an improper validation of integrity check vulnerability. This vulnerability results from insufficient checks on firmware updates or upgrades, potentially allowing malicious users to manipulate the firmware and gain…
Page 3 of 7