Moxa

All CVEs

313 total · sorted by risk
  • CVE-2016-8359 · Med · Feb 13, 2017
    risk 0.40 · cvss 6.1 · epss 0.01

    An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 and prior, ioLogik E1211, firmware Version V2.3 and prior, ioLogik E1212, firmware Version V2.4 and prior, ioLogik E1213, firmware Version V2.5 and prior, ioLogik E1214, firmware Version V2.4 and prior, ioLogik…

  • CVE-2026-3867 · Med · Apr 27, 2026
    risk 0.39 · cvss · epss 0.00

    An improper ownership management vulnerability has been identified in Moxa’s Secure Router. Because of improper ownership management, a low-privileged authenticated user may access a configuration file containing the hashed password of the administrative account. Successful…

  • CVE-2016-4500 · Med · Jun 1, 2016
    risk 0.38 · cvss 5.8 · epss 0.01

    Moxa UC-7408 LX-Plus devices allow remote authenticated users to write to the firmware, and consequently render a device unusable, by leveraging root access.

  • CVE-2017-7457 · Med · Apr 14, 2017
    risk 0.36 · cvss 5.0 · epss 0.02

    XML External Entity via ".AOP" files used by Moxa MX-AOPC Server 1.5 result in remote file disclosure.

  • CVE-2016-9354 · Med · Feb 13, 2017
    risk 0.36 · cvss 5.5 · epss 0.01

    An issue was discovered in Moxa DACenter Versions 1.4 and older. A specially crafted project file may cause the program to crash because of Uncontrolled Resource Consumption.

  • CVE-2017-13702 · Med · Nov 17, 2017
    risk 0.35 · cvss 5.3 · epss 0.01

    An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. Cookies can be stolen, manipulated, and reused.

  • CVE-2016-8725 · Med · Apr 13, 2017
    risk 0.35 · cvss 5.3 · epss 0.01

    An exploitable information disclosure vulnerability exists in the Web Application functionality of the Moxa AWK-3131A wireless access point running firmware 1.1. Retrieving a specific URL without authentication can reveal sensitive information to an attacker.

  • CVE-2016-8724 · Med · Apr 13, 2017
    risk 0.35 · cvss 5.3 · epss 0.09

    An exploitable information disclosure vulnerability exists in the serviceAgent functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted TCP query will allow an attacker to retrieve potentially sensitive information.

  • CVE-2016-8722 · Med · Apr 13, 2017
    risk 0.35 · cvss 5.3 · epss 0.01

    An exploitable Information Disclosure vulnerability exists in the Web Application functionality of Moxa AWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client. Retrieving a specific URL without authentication can reveal sensitive information to an attacker.

  • CVE-2016-9346 · Med · Feb 13, 2017
    risk 0.35 · cvss 5.3 · epss 0.01

    An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. Configuration data are stored in a file that is not encrypted.

  • CVE-2016-2283 · Med · Mar 4, 2016
    risk 0.35 · cvss 5.3 · epss 0.01

    Moxa ioLogik E2200 devices before 3.12 and ioAdmin Configuration Utility before 3.18 do not properly encrypt data, which makes it easier for remote attackers to obtain the associated cleartext via unspecified vectors.

  • CVE-2016-2282 · Med · Mar 4, 2016
    risk 0.35 · cvss 5.3 · epss 0.02

    Moxa ioLogik E2200 devices before 3.12 and ioAdmin Configuration Utility before 3.18 do not properly encrypt credentials, which makes it easier for remote attackers to obtain the associated cleartext via unspecified vectors.

  • CVE-2025-6894 · Med · Oct 17, 2025
    risk 0.34 · cvss · epss 0.01

    An Execution with Unnecessary Privileges vulnerability has been identified in Moxa’s network security appliances and routers. A flaw in the API authorization logic of the affected device allows an authenticated, low-privileged user to execute the administrative `ping`…

  • CVE-2025-0193 · Med · Jan 15, 2025
    risk 0.34 · cvss · epss 0.00

    A stored Cross-site Scripting (XSS) vulnerability exists in the MGate 5121/5122/5123 Series firmware version v1.0 because of insufficient sanitization and encoding of user input in the "Login Message" functionality. An authenticated attacker with administrative access can…

  • CVE-2025-1679 · Med · Oct 23, 2025
    risk 0.31 · cvss · epss 0.00

    Cross-site Scripting has been identified in Moxa’s Ethernet switches, which allows an authenticated administrative attacker to inject malicious scripts to an affected device’s web service that could impact authenticated users interacting with the device’s web interface.…

  • CVE-2017-13700 · Med · Nov 17, 2017
    risk 0.31 · cvss 4.8 · epss 0.01

    An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. There is XSS in the administration interface.

  • CVE-2017-12127 · Med · May 14, 2018
    risk 0.29 · cvss 4.4 · epss 0.00

    A password storage vulnerability exists in the operating system functionality of Moxa EDR-810 V4.1 build 17030317. An attacker with shell access could extract passwords in clear text from the device.

  • CVE-2016-8720 · Med · Apr 13, 2017
    risk 0.28 · cvss 4.3 · epss 0.01

    An exploitable HTTP Header Injection vulnerability exists in the Web Application functionality of the Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted HTTP request can inject a payload in the bkpath parameter which will be copied in to Location…

  • CVE-2016-9348 · Low · Feb 13, 2017
    risk 0.21 · cvss 3.3 · epss 0.00

    An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions…

  • CVE-2016-5812 · Low · Aug 24, 2016
    risk 0.21 · cvss 3.3 · epss 0.00

    Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and G3251 devices before 1.7 use cleartext password storage, which makes it easier for local users to obtain sensitive information by reading a configuration file.

  • CVE-2010-4742 · Feb 18, 2011
    risk 0.08 · cvss · epss 0.56

    Stack-based buffer overflow in a certain ActiveX control in MediaDBPlayback.DLL 2.2.0.5 in the Moxa ActiveX SDK allows remote attackers to execute arbitrary code via a long PlayFileName property value.

  • CVE-2010-4741 · Feb 18, 2011
    risk 0.05 · cvss · epss 0.28

    Stack-based buffer overflow in MDMUtil.dll in MDMTool.exe in MDM Tool before 2.3 in Moxa Device Manager allows remote MDM Gateways to execute arbitrary code via crafted data in a session on TCP port 54321.

  • CVE-2019-10963 · Oct 8, 2019
    risk 0.03 · cvss · epss 0.06

    Moxa EDR 810, all versions 5.1 and prior, allows an unauthenticated attacker to be able to retrieve some log files from the device, which may allow sensitive information disclosure. Log files must have previously been exported by a legitimate user.

  • CVE-2019-10969 · Oct 8, 2019
    risk 0.03 · cvss · epss 0.09

    Moxa EDR 810, all versions 5.1 and prior, allows an authenticated attacker to abuse the ping feature to execute unauthorized commands on the router, which may allow an attacker to perform remote code execution.

  • CVE-2019-9099 · Mar 11, 2020
    risk 0.01 · cvss · epss 0.04

    An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. A Buffer overflow in the built-in web server allows remote attackers to initiate DoS, and probably to…

  • CVE-2020-8858 · Feb 13, 2020
    risk 0.01 · cvss · epss 0.07

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Moxa MGate 5105-MB-EIP firmware version 4.1. Authentication is required to exploit this vulnerability. The specific flaw exists within the DestIP parameter within MainPing.asp. The…

  • CVE-2019-6557 · Mar 5, 2019
    risk 0.01 · cvss · epss 0.05

    Several buffer overflow vulnerabilities have been identified in Moxa IKS and EDS, which may allow remote code execution.

  • CVE-2026-0715 · Feb 5, 2026
    risk 0.00 · cvss · epss 0.00

    Moxa Arm-based industrial computers running Moxa Industrial Linux Secure use a device-unique bootloader password provided on the device. An attacker with physical access to the device could use this information to access the bootloader menu via a serial interface. Access to…

  • CVE-2026-0714 · Feb 5, 2026
    risk 0.00 · cvss · epss 0.00

    A physical attack vulnerability exists in certain Moxa industrial computers using TPM-backed LUKS full-disk encryption on Moxa Industrial Linux 3, where the discrete TPM is connected to the CPU via an SPI bus. Exploitation requires invasive physical access, including opening…

  • CVE-2025-1680 · Non · Oct 23, 2025
    risk 0.00 · cvss · epss 0.00

    An acceptance of extraneous untrusted data with trusted data vulnerability has been identified in Moxa’s Ethernet switches, which allows attackers with administrative privileges to manipulate HTTP Host headers by injecting a specially crafted Host header into HTTP requests…

  • CVE-2024-4740 · Oct 18, 2024
    risk 0.00 · cvss · epss 0.00

    MXsecurity software versions v1.1.0 and prior are vulnerable because of the use of hard-coded credentials. This vulnerability could allow an attacker to tamper with sensitive data.

  • CVE-2024-4739 · Oct 18, 2024
    risk 0.00 · cvss · epss 0.00

    The lack of access restriction to a resource from unauthorized users makes MXsecurity software versions v1.1.0 and prior vulnerable. By acquiring a valid authenticator, an attacker can pose as an authorized user and successfully access the resource.

  • CVE-2024-6787 · Sep 21, 2024
    risk 0.00 · cvss · epss 0.00

    This vulnerability occurs when an attacker exploits a race condition between the time a file is checked and the time it is used (TOCTOU). By exploiting this race condition, an attacker can write arbitrary files to the system. This could allow the attacker to execute malicious…

  • CVE-2024-6786 · Sep 21, 2024
    risk 0.00 · cvss · epss 0.01

    The vulnerability allows an attacker to craft MQTT messages that include relative path traversal sequences, enabling them to read arbitrary files on the system. This could lead to the disclosure of sensitive information, such as configuration files and JWT signing secrets.

  • CVE-2024-6785 · Sep 21, 2024
    risk 0.00 · cvss · epss 0.00

    The configuration file stores credentials in cleartext. An attacker with local access rights can read or modify the configuration file, potentially resulting in the service being abused due to sensitive information exposure.

  • CVE-2024-4641 · Jun 25, 2024
    risk 0.00 · cvss · epss 0.00

    OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to accepting a format string from an external source as an argument. An attacker could modify an externally controlled format string to cause a memory leak and denial of service.

  • CVE-2024-4640 · Jun 25, 2024
    risk 0.00 · cvss · epss 0.00

    OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to missing bounds checking on buffer operations. An attacker could write past the boundaries of allocated buffer regions in memory, causing a program crash.

  • CVE-2024-4639 · Jun 25, 2024
    risk 0.00 · cvss · epss 0.00

    OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in IPSec configuration. An attacker could modify the intended commands sent to target functions, which could cause malicious users to execute…

  • CVE-2024-4638 · Jun 25, 2024
    risk 0.00 · cvss · epss 0.00

    OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in the web key upload function. An attacker could modify the intended commands sent to target functions, which could cause malicious users to…

  • CVE-2024-1220 · Mar 6, 2024
    risk 0.00 · cvss · epss 0.01

    A stack-based buffer overflow in the built-in web server in Moxa NPort W2150A/W2250A Series firmware version 2.3 and prior allows a remote attacker to exploit the vulnerability by sending crafted payload to the web service. Successful exploitation of the vulnerability could…

  • CVE-2024-0387 · Feb 26, 2024
    risk 0.00 · cvss · epss 0.01

    The EDS-4000/G4000 Series prior to version 3.2 includes IP forwarding capabilities that users cannot deactivate. An attacker may be able to send requests to the product and have it forwarded to the target. An attacker can bypass access controls or hide the source of malicious…

  • CVE-2023-6094 · Dec 31, 2023
    risk 0.00 · cvss · epss 0.00

    A vulnerability has been identified in OnCell G3150A-LTE Series firmware versions v1.3 and prior. The vulnerability results from lack of protection for sensitive information during transmission. An attacker eavesdropping on the traffic between the web browser and server may…

  • CVE-2023-6093 · Dec 31, 2023
    risk 0.00 · cvss · epss 0.00

    A clickjacking vulnerability has been identified in OnCell G3150A-LTE Series firmware versions v1.3 and prior. This vulnerability is caused by incorrectly restricting frame objects, which can lead to user confusion about which interface the user is interacting with. This…

  • CVE-2023-5962 · Dec 23, 2023
    risk 0.00 · cvss · epss 0.00

    A weak cryptographic algorithm vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. This vulnerability can help an attacker compromise the confidentiality of sensitive data. This vulnerability may lead an attacker to get unexpected…

  • CVE-2023-5961 · Dec 23, 2023
    risk 0.00 · cvss · epss 0.00

    A Cross-Site Request Forgery (CSRF) vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. An attacker can exploit this vulnerability to trick a client into making an unintentional request to the web server, which will be treated as an…

  • CVE-2023-5035 · Nov 2, 2023
    risk 0.00 · cvss · epss 0.00

    A vulnerability has been identified in PT-G503 Series firmware versions prior to v5.2, where the Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the cookie to be transmitted in plaintext over an HTTP session. The vulnerability may lead to…

  • CVE-2023-4217 · Nov 2, 2023
    risk 0.00 · cvss · epss 0.00

    A vulnerability has been identified in PT-G503 Series versions prior to v5.2, where the session cookies attribute is not set properly in the affected application. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and…

  • CVE-2023-5627 · Nov 1, 2023
    risk 0.00 · cvss · epss 0.00

    A vulnerability has been identified in NPort 6000 Series, making the authentication mechanism vulnerable. This vulnerability arises from the incorrect implementation of sensitive information protection, potentially allowing malicious users to gain unauthorized access to the web…

  • CVE-2023-4452 · Nov 1, 2023
    risk 0.00 · cvss · epss 0.00

    A vulnerability has been identified in the EDR-810, EDR-G902, and EDR-G903 Series, making them vulnerable to the denial-of-service vulnerability. This vulnerability stems from insufficient input validation in the URI, potentially enabling malicious users to trigger the device…

  • CVE-2023-4929 · Oct 3, 2023
    risk 0.00 · cvss · epss 0.00

    All firmware versions of the NPort 5000 Series are affected by an improper validation of integrity check vulnerability. This vulnerability results from insufficient checks on firmware updates or upgrades, potentially allowing malicious users to manipulate the firmware and gain…

Page 3 of 7