Vendor CVEs

Moxa

313 total · sorted by risk
  • CVE-2023-39983 · Sep 2, 2023
    risk 0.00 · cvss · epss 0.00

    A vulnerability that poses a potential risk of polluting the MXsecurity sqlite database and the nsm-web UI has been identified in MXsecurity versions prior to v1.0.1. This vulnerability might allow an unauthenticated remote attacker to register or add devices via the nsm-web…

  • CVE-2023-39982 · Sep 2, 2023
    risk 0.00 · cvss · epss 0.00

    A vulnerability has been identified in MXsecurity versions prior to v1.0.1. The vulnerability may put the confidentiality and integrity of SSH communications at risk on the affected device. This vulnerability is attributed to a hard-coded SSH host key, which might facilitate…

  • CVE-2023-39981 · Sep 2, 2023
    risk 0.00 · cvss · epss 0.01

    A vulnerability that allows for unauthorized access has been discovered in MXsecurity versions prior to v1.0.1. This vulnerability arises from inadequate authentication measures, potentially leading to the disclosure of device information by a remote attacker.

  • CVE-2023-39980 · Sep 2, 2023
    risk 0.00 · cvss · epss 0.01

    A vulnerability that allows the unauthorized disclosure of authenticated information has been identified in MXsecurity versions prior to v1.0.1. This vulnerability arises when special elements are not neutralized correctly, allowing remote attackers to alter SQL commands.

  • CVE-2023-39979 · Sep 2, 2023
    risk 0.00 · cvss · epss 0.01

    There is a vulnerability in MXsecurity versions prior to 1.0.1 that can be exploited to bypass authentication. A remote attacker might access the system if the web service authenticator has insufficient random values.  

  • CVE-2023-4230 · Aug 24, 2023
    risk 0.00 · cvss · epss 0.00

    A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, which has the potential to facilitate the collection of information on ioLogik 4000 Series devices. This vulnerability may enable attackers to gather information for the…

  • CVE-2023-4229 · Aug 24, 2023
    risk 0.00 · cvss · epss 0.00

    A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, potentially exposing users to security risks. This vulnerability may allow attackers to trick users into interacting with malicious content, leading to unintended actions…

  • CVE-2023-4228 · Aug 24, 2023
    risk 0.00 · cvss · epss 0.00

    A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, where the session cookies attribute is not set properly in the affected application. The vulnerability may lead to security risks, potentially exposing user session data…

  • CVE-2023-4227 · Aug 24, 2023
    risk 0.00 · cvss · epss 0.00

    A vulnerability has been identified in the ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, which can be exploited by malicious actors to potentially gain unauthorized access to the product. This could lead to security breaches, data theft, and unauthorized…

  • CVE-2023-34217 · Aug 17, 2023
    risk 0.00 · cvss · epss 0.00

    TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-delete function, which could potentially…

  • CVE-2023-34216 · Aug 17, 2023
    risk 0.00 · cvss · epss 0.01

    TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability derives from insufficient input validation in the key-delete function, which could potentially allow…

  • CVE-2023-34215 · Aug 17, 2023
    risk 0.00 · cvss · epss 0.01

    TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation and improper authentication in the certification-generation function, which could potentially allow malicious users…

  • CVE-2023-34214 · Aug 17, 2023
    risk 0.00 · cvss · epss 0.00

    TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-generation function, which could…

  • CVE-2023-34213 · Aug 17, 2023
    risk 0.00 · cvss · epss 0.01

    TN-5900 Series firmware versions v3.3 and prior are vulnerable to command-injection vulnerability. This vulnerability stems from insufficient input validation and improper authentication in the key-generation function, which could potentially allow malicious users to execute…

  • CVE-2023-33239 · Aug 17, 2023
    risk 0.00 · cvss · epss 0.01

    TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from insufficient input validation in the key-generation function, which could potentially allow…

  • CVE-2023-33238 · Aug 17, 2023
    risk 0.00 · cvss · epss 0.01

    TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from inadequate input validation in the certificate management function, which could potentially…

  • CVE-2023-33237 · Aug 17, 2023
    risk 0.00 · cvss · epss 0.01

    TN-5900 Series firmware version v3.3 and prior is vulnerable to improper-authentication vulnerability. This vulnerability arises from inadequate authentication measures implemented in the web API handler, allowing low-privileged APIs to execute restricted actions that only…

  • CVE-2023-4204 · Aug 16, 2023
    risk 0.00 · cvss · epss 0.00

    NPort IAW5000A-I/O Series firmware version v2.2 and prior is affected by a hardcoded credential vulnerability, which poses a potential risk to the security and integrity of the affected device. This vulnerability is attributed to the presence of a hardcoded key, which could…

  • CVE-2023-3336 · Jul 5, 2023
    risk 0.00 · cvss · epss 0.00

    TN-5900 Series version 3.3 and prior versions are vulnerable to a user enumeration vulnerability. The vulnerability may allow a remote attacker to determine whether a user is valid during password recovery through the web login page and enable a brute force attack with valid users.…

  • CVE-2023-33236 · May 22, 2023
    risk 0.00 · cvss · epss 0.01

    MXsecurity version 1.0 is vulnerable to a hardcoded credential vulnerability. This vulnerability has been reported and can be exploited to craft arbitrary JWT tokens and subsequently bypass authentication for web-based APIs.

  • CVE-2023-33235 · May 22, 2023
    risk 0.00 · cvss · epss 0.01

    MXsecurity version 1.0 is vulnerable to a command injection vulnerability. This vulnerability has been reported in the SSH CLI program, which can be exploited by attackers who have gained authorization privileges. The attackers can break out of the restricted shell and…

  • CVE-2023-28697 · Apr 27, 2023
    risk 0.00 · cvss · epss 0.01

    Moxa MiiNePort E1 has a vulnerability of insufficient access control. An unauthenticated remote user can exploit this vulnerability to perform arbitrary system operation or disrupt service.

  • CVE-2023-1257 · Mar 7, 2023
    risk 0.00 · cvss · epss 0.00

    An attacker with physical access to the affected Moxa UC Series devices can initiate a restart of the device and gain access to its BIOS. Command line options can then be altered, allowing the attacker to access the terminal. From the terminal, the attacker can modify the…

  • CVE-2022-40693 · Feb 7, 2023
    risk 0.00 · cvss · epss 0.01

    A cleartext transmission vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted network sniffing can lead to a disclosure of sensitive information. An attacker can sniff network traffic to trigger…

  • CVE-2022-40224 · Feb 7, 2023
    risk 0.00 · cvss · epss 0.65

    A denial of service vulnerability exists in the web server functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP message header can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.

  • CVE-2022-41313 · Feb 7, 2023
    risk 0.00 · cvss · epss 0.01

    A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can send an HTTP request to trigger this…

  • CVE-2022-41312 · Feb 7, 2023
    risk 0.00 · cvss · epss 0.01

    A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can send an HTTP request to trigger this…

  • CVE-2022-41311 · Feb 7, 2023
    risk 0.00 · cvss · epss 0.01

    A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can send an HTTP request to trigger this…

  • CVE-2022-40691 · Feb 7, 2023
    risk 0.00 · cvss · epss 0.01

    An information disclosure vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send an HTTP request to trigger this…

  • CVE-2022-3088 · Nov 22, 2022
    risk 0.00 · cvss · epss 0.00

    UC-8100A-ME-T System Image: Versions v1.0 to v1.6, UC-2100 System Image: Versions v1.0 to v1.12, UC-2100-W System Image: Versions v1.0 to v1.12, UC-3100 System Image: Versions v1.0 to v1.6, UC-5100 System Image: Versions v1.0 to v1.4, UC-8100 System Image: Versions…

  • CVE-2022-2043 · Aug 31, 2022
    risk 0.00 · cvss · epss 0.01

    MOXA NPort 5110: Firmware Versions 2.10 is vulnerable to an out-of-bounds write that can cause the device to become unresponsive.

  • CVE-2022-2044 · Aug 31, 2022
    risk 0.00 · cvss · epss 0.01

    MOXA NPort 5110: Firmware Versions 2.10 is vulnerable to an out-of-bounds write that may allow an attacker to overwrite values in memory, causing a denial-of-service condition or potentially bricking the device.

  • CVE-2021-46812 · Jun 13, 2022
    risk 0.00 · cvss · epss 0.01

    The Device Manager has a vulnerability in multi-device interaction. Successful exploitation of this vulnerability may affect data integrity.

  • CVE-2022-27048 · Apr 15, 2022
    risk 0.00 · cvss · epss 0.01

    A vulnerability has been discovered in Moxa MGate which allows an attacker to perform a man-in-the-middle (MITM) attack on the device. This affects MGate MB3170 Series Firmware Version 4.2 or lower, and MGate MB3270 Series Firmware Version 4.2 or lower, and MGate MB3280 Series…

  • CVE-2021-40392 · Apr 14, 2022
    risk 0.00 · cvss · epss 0.01

    An information disclosure vulnerability exists in the Web Application functionality of Moxa MXView Series 3.2.4. Network sniffing can lead to a disclosure of sensitive information. An attacker can sniff network traffic to exploit this vulnerability.

  • CVE-2021-40390 · Apr 14, 2022
    risk 0.00 · cvss · epss 0.02

    An authentication bypass vulnerability exists in the Web Application functionality of Moxa MXView Series 3.2.4. A specially-crafted HTTP request can lead to unauthorized access. An attacker can send an HTTP request to trigger this vulnerability.

  • CVE-2021-32976 · Apr 1, 2022
    risk 0.00 · cvss · epss 0.03

    Five buffer overflows in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier may allow a remote attacker to initiate a denial-of-service attack and execute arbitrary code.

  • CVE-2021-32970 · Apr 1, 2022
    risk 0.00 · cvss · epss 0.02

    Data can be copied without validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier, which may allow a remote attacker to cause denial-of-service conditions.

  • CVE-2021-32974 · Apr 1, 2022
    risk 0.00 · cvss · epss 0.03

    Improper input validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier may allow a remote attacker to execute commands.

  • CVE-2021-32968 · Apr 1, 2022
    risk 0.00 · cvss · epss 0.02

    Two buffer overflows in the built-in web server in Moxa NPort IAW5000A-I/O Series firmware version 2.2 or earlier may allow a remote attacker to cause a denial-of-service condition.

  • CVE-2021-46082 · Feb 18, 2022
    risk 0.00 · cvss · epss 0.01

    Moxa TN-5900 v3.1 series routers, MGate 5109 v2.2 series protocol gateways, and MGate 5101-PBM-MN v2.1 series protocol gateways were discovered to contain a memory leak which allows attackers to cause a Denial of Service (DoS) via crafted packets.

  • CVE-2021-46559 · Jan 26, 2022
    risk 0.00 · cvss · epss 0.00

    The firmware on Moxa TN-5900 devices through 3.1 has a weak algorithm that allows an attacker to defeat an inspection mechanism for integrity protection.

  • CVE-2021-46560 · Jan 26, 2022
    risk 0.00 · cvss · epss 0.04

    The firmware on Moxa TN-5900 devices through 3.1 allows command injection that could lead to device damage.

  • CVE-2021-4161 · Dec 27, 2021
    risk 0.00 · cvss · epss 0.01

    The affected products contain vulnerable firmware, which could allow an attacker to sniff the traffic and decrypt login credential details. This could give an attacker admin rights through the HTTP web server.

  • CVE-2021-38460 · Oct 12, 2021
    risk 0.00 · cvss · epss 0.02

    A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries.

  • CVE-2021-38458 · Oct 12, 2021
    risk 0.00 · cvss · epss 0.02

    A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries.

  • CVE-2021-38454 · Oct 12, 2021
    risk 0.00 · cvss · epss 0.16

    A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries.

  • CVE-2021-38456 · Oct 12, 2021
    risk 0.00 · cvss · epss 0.01

    A use of hard-coded password vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to gain access through accounts using default passwords.

  • CVE-2021-38452 · Oct 12, 2021
    risk 0.00 · cvss · epss 0.02

    A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries.

  • CVE-2021-39279 · Sep 7, 2021
    risk 0.00 · cvss · epss 0.05

    Certain MOXA devices allow Authenticated Command Injection via /forms/web_importTFTP. This affects WAC-2004 1.7, WAC-1001 2.1, WAC-1001-T 2.1, OnCell G3470A-LTE-EU 1.7, OnCell G3470A-LTE-EU-T 1.7, TAP-323-EU-CT-T 1.3, TAP-323-US-CT-T 1.3, TAP-323-JP-CT-T 1.3, WDR-3124A-EU 2.3,…
