Vendor CVEs
Moxa
All CVEs
313 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-39278 | 0.00 | — | 0.01 | Sep 7, 2021 | Certain MOXA devices allow reflected XSS via the Config Import menu. This affects WAC-2004 1.7, WAC-1001 2.1, WAC-1001-T 2.1, OnCell G3470A-LTE-EU 1.7, OnCell G3470A-LTE-EU-T 1.7, TAP-323-EU-CT-T 1.3, TAP-323-US-CT-T 1.3, TAP-323-JP-CT-T 1.3, WDR-3124A-EU 2.3, WDR-3124A-EU-T… | |||
| CVE-2021-31989 | 0.00 | — | 0.00 | Aug 25, 2021 | A user with permission to log on to the machine hosting the AXIS Device Manager client could under certain conditions extract a memory dump from the built-in Windows Task Manager application. The memory dump may potentially contain credentials of connected Axis devices. | |||
| CVE-2021-33824 | 0.00 | — | 0.02 | Jun 18, 2021 | An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012. Attackers can use slowhttptest tool to send incomplete HTTP request, which could make server keep waiting for the packet to finish the connection, until its resource exhausted. Then the web server is… | |||
| CVE-2021-33823 | 0.00 | — | 0.02 | Jun 18, 2021 | An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012. Attacker could send a huge amount of TCP SYN packet to make web service's resource exhausted. Then the web server is denial-of-service. | |||
| CVE-2020-27185 | 0.00 | — | 0.01 | May 14, 2021 | Cleartext transmission of sensitive information via Moxa Service in NPort IA5000A series serial devices. Successfully exploiting the vulnerability could enable attackers to read authentication data, device configuration, and other sensitive data transmitted over Moxa Service. | |||
| CVE-2020-27150 | 0.00 | — | 0.01 | May 14, 2021 | In multiple versions of NPort IA5000A Series, the result of exporting a device’s configuration contains the passwords of all users on the system and other sensitive data in the original form if “Pre-shared key” doesn’t set. | |||
| CVE-2020-27149 | 0.00 | — | 0.01 | May 14, 2021 | By exploiting a vulnerability in NPort IA5150A/IA5250A Series before version 1.5, a user with “Read Only” privilege level can send requests via the web console to have the device’s configuration changed. | |||
| CVE-2021-25849 | 0.00 | — | 0.01 | May 10, 2021 | An integer underflow was discovered in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, improper validation of the PortID TLV leads to Denial of Service via a crafted lldp packet. | |||
| CVE-2021-25846 | 0.00 | — | 0.01 | May 10, 2021 | Improper validation of the ChassisID TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows attackers to cause a denial of service due to a negative number passed to the memcpy function via a crafted lldp packet. | |||
| CVE-2021-25845 | 0.00 | — | 0.01 | May 10, 2021 | Improper validation of the ChassisID TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows attackers to cause a denial of service due to a NULL pointer dereference via a crafted lldp packet. | |||
| CVE-2021-25847 | 0.00 | — | 0.01 | May 10, 2021 | Improper validation of the length field of LLDP-MED TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows information disclosure to attackers due to controllable loop counter variable via a crafted lldp packet. | |||
| CVE-2021-25848 | 0.00 | — | 0.01 | May 10, 2021 | Improper validation of the length field of LLDP-MED TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows information disclosure to attackers due to using fixed loop counter variable without checking the actual available length via a crafted lldp… | |||
| CVE-2020-28144 | 0.00 | — | 0.02 | Feb 3, 2021 | Certain Moxa Inc products are affected by an improper restriction of operations in EDR-G903 Series Firmware Version 5.5 or lower, EDR-G902 Series Firmware Version 5.5 or lower, and EDR-810 Series Firmware Version 5.6 or lower. Crafted requests sent to the device may allow remote… | |||
| CVE-2020-25196 | 0.00 | — | 0.01 | Dec 23, 2020 | The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows SSH/Telnet sessions, which may be vulnerable to brute force attacks to bypass authentication. | |||
| CVE-2020-25153 | 0.00 | — | 0.01 | Dec 23, 2020 | The built-in web service for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower does not require users to have strong passwords. | |||
| CVE-2020-25192 | 0.00 | — | 0.01 | Dec 23, 2020 | The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows sensitive information to be displayed without proper authorization. | |||
| CVE-2020-25198 | 0.00 | — | 0.01 | Dec 23, 2020 | The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower has incorrectly implemented protections from session fixation, which may allow an attacker to gain access to a session and hijack it by stealing the user’s cookies. | |||
| CVE-2020-25194 | 0.00 | — | 0.01 | Dec 23, 2020 | The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower has improper privilege management, which may allow an attacker with user privileges to perform requests with administrative privileges. | |||
| CVE-2020-25190 | 0.00 | — | 0.01 | Dec 23, 2020 | The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower stores and transmits the credentials of third-party services in cleartext. | |||
| CVE-2020-13537 | 0.00 | — | 0.01 | Nov 5, 2020 | An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code to a script or replace a binary.By default MXViewService, which starts as a NT… | |||
| CVE-2020-13536 | 0.00 | — | 0.01 | Nov 5, 2020 | An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code to a script or replace a binary. By default MXViewService, which starts as a NT… | |||
| CVE-2020-23639 | 0.00 | — | 0.03 | Nov 2, 2020 | A command injection vulnerability exists in Moxa Inc VPort 461 Series Firmware Version 3.4 or lower that could allow a remote attacker to execute arbitrary commands in Moxa's VPort 461 Series Industrial Video Servers. | |||
| CVE-2020-12117 | 0.00 | — | 0.01 | May 1, 2020 | Moxa Service in Moxa NPort 5150A firmware version 1.5 and earlier allows attackers to obtain sensitive configuration values via a crafted packet to UDP port 4800. NOTE: Moxa Service is an unauthenticated service that runs upon a first-time installation but can be disabled… | |||
| CVE-2020-6999 | 0.00 | — | 0.01 | Mar 26, 2020 | In Moxa EDS-G516E Series firmware, Version 5.2 or lower, some of the parameters in the setting pages do not ensure text is the correct size for its buffer. | |||
| CVE-2020-6997 | 0.00 | — | 0.01 | Mar 24, 2020 | In Moxa EDS-G516E Series firmware, Version 5.2 or lower, sensitive information is transmitted over some web applications in cleartext. | |||
| CVE-2020-6991 | 0.00 | — | 0.01 | Mar 24, 2020 | In Moxa EDS-G516E Series firmware, Version 5.2 or lower, weak password requirements may allow an attacker to gain access using brute force. | |||
| CVE-2020-6981 | 0.00 | — | 0.02 | Mar 24, 2020 | In Moxa EDS-G516E Series firmware, Version 5.2 or lower, an attacker may gain access to the system without proper authentication. | |||
| CVE-2020-6979 | 0.00 | — | 0.01 | Mar 24, 2020 | In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected products use a hard-coded cryptographic key, increasing the possibility that confidential data can be recovered. | |||
| CVE-2020-7001 | 0.00 | — | 0.01 | Mar 24, 2020 | In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected products use a weak cryptographic algorithm, which may allow confidential information to be disclosed. | |||
| CVE-2020-7007 | 0.00 | — | 0.03 | Mar 24, 2020 | In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the attacker may execute arbitrary codes or target the device, causing it to go out of service. | |||
| CVE-2020-6993 | 0.00 | — | 0.01 | Mar 24, 2020 | In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, an attacker can gain access to sensitive information from the web service without authorization. | |||
| CVE-2020-6995 | 0.00 | — | 0.01 | Mar 24, 2020 | In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the application utilizes weak password requirements, which may allow an attacker to gain unauthorized access. | |||
| CVE-2020-6985 | 0.00 | — | 0.02 | Mar 24, 2020 | In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, these devices use a hard-coded service code for access to the console. | |||
| CVE-2020-6987 | 0.00 | — | 0.01 | Mar 24, 2020 | In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the affected products use a weak cryptographic algorithm, which may allow confidential information to be disclosed. | |||
| CVE-2020-6983 | 0.00 | — | 0.01 | Mar 24, 2020 | In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the affected products use a hard-coded cryptographic key, which increases the possibility that confidential data can be recovered. | |||
| CVE-2020-6989 | 0.00 | — | 0.03 | Mar 24, 2020 | In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, a buffer overflow in the web server allows remote attackers to cause a denial-of-service condition or execute arbitrary code. | |||
| CVE-2020-7003 | 0.00 | — | 0.01 | Mar 24, 2020 | In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, sensitive information is transmitted over some web applications in clear text. | |||
| CVE-2019-18242 | 0.00 | — | 0.01 | Mar 24, 2020 | In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, frequent and multiple requests for short-term use may cause the web server to fail. | |||
| CVE-2019-9098 | 0.00 | — | 0.02 | Mar 11, 2020 | An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. An Integer overflow in the built-in web server allows remote attackers to initiate DoS. | |||
| CVE-2019-9096 | 0.00 | — | 0.02 | Mar 11, 2020 | An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. Insufficient password requirements for the MGate web application may allow an attacker to gain access by… | |||
| CVE-2019-9104 | 0.00 | — | 0.01 | Mar 11, 2020 | An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. The application's configuration file contains parameters that represent passwords in cleartext. | |||
| CVE-2019-9103 | 0.00 | — | 0.01 | Mar 11, 2020 | An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. An attacker can access sensitive information (e.g., conduct username disclosure attacks) on the built-in… | |||
| CVE-2019-9097 | 0.00 | — | 0.02 | Mar 11, 2020 | An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. A high rate of transit traffic may cause a low-memory condition and a denial of service. | |||
| CVE-2019-9102 | 0.00 | — | 0.01 | Mar 11, 2020 | An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. A predictable mechanism of generating tokens allows remote attackers to bypass the cross-site request… | |||
| CVE-2019-9095 | 0.00 | — | 0.01 | Mar 11, 2020 | An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. An attacker may be able to intercept weakly encrypted passwords and gain administrative access. | |||
| CVE-2019-9101 | 0.00 | — | 0.01 | Mar 11, 2020 | An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. Sensitive information is sent to the web server in cleartext, which may allow an attacker to discover the… | |||
| CVE-2019-18238 | 0.00 | — | 0.00 | Feb 26, 2020 | In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, sensitive information is stored in configuration files without encryption, which may allow an attacker to access an administrative account. | |||
| CVE-2019-5139 | 0.00 | — | 0.00 | Feb 25, 2020 | An exploitable use of hard-coded credentials vulnerability exists in multiple iw_* utilities of the Moxa AWK-3131A firmware version 1.13. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts. | |||
| CVE-2019-5143 | 0.00 | — | 0.05 | Feb 25, 2020 | An exploitable format string vulnerability exists in the iw_console conio_writestr functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted time server entry can cause an overflow of the time server buffer, resulting in remote code execution. An attacker… | |||
| CVE-2019-5148 | 0.00 | — | 0.03 | Feb 25, 2020 | An exploitable denial-of-service vulnerability exists in ServiceAgent functionality of the Moxa AWK-3131A, firmware version 1.13. A specially crafted packet can cause an integer underflow, triggering a large memcpy that will access unmapped or out-of-bounds memory. An attacker… |
- CVE-2021-39278Sep 7, 2021risk 0.00cvss —epss 0.01
Certain MOXA devices allow reflected XSS via the Config Import menu. This affects WAC-2004 1.7, WAC-1001 2.1, WAC-1001-T 2.1, OnCell G3470A-LTE-EU 1.7, OnCell G3470A-LTE-EU-T 1.7, TAP-323-EU-CT-T 1.3, TAP-323-US-CT-T 1.3, TAP-323-JP-CT-T 1.3, WDR-3124A-EU 2.3, WDR-3124A-EU-T…
- CVE-2021-31989Aug 25, 2021risk 0.00cvss —epss 0.00
A user with permission to log on to the machine hosting the AXIS Device Manager client could under certain conditions extract a memory dump from the built-in Windows Task Manager application. The memory dump may potentially contain credentials of connected Axis devices.
- CVE-2021-33824Jun 18, 2021risk 0.00cvss —epss 0.02
An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012. Attackers can use slowhttptest tool to send incomplete HTTP request, which could make server keep waiting for the packet to finish the connection, until its resource exhausted. Then the web server is…
- CVE-2021-33823Jun 18, 2021risk 0.00cvss —epss 0.02
An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012. Attacker could send a huge amount of TCP SYN packet to make web service's resource exhausted. Then the web server is denial-of-service.
- CVE-2020-27185May 14, 2021risk 0.00cvss —epss 0.01
Cleartext transmission of sensitive information via Moxa Service in NPort IA5000A series serial devices. Successfully exploiting the vulnerability could enable attackers to read authentication data, device configuration, and other sensitive data transmitted over Moxa Service.
- CVE-2020-27150May 14, 2021risk 0.00cvss —epss 0.01
In multiple versions of NPort IA5000A Series, the result of exporting a device’s configuration contains the passwords of all users on the system and other sensitive data in the original form if “Pre-shared key” doesn’t set.
- CVE-2020-27149May 14, 2021risk 0.00cvss —epss 0.01
By exploiting a vulnerability in NPort IA5150A/IA5250A Series before version 1.5, a user with “Read Only” privilege level can send requests via the web console to have the device’s configuration changed.
- CVE-2021-25849May 10, 2021risk 0.00cvss —epss 0.01
An integer underflow was discovered in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, improper validation of the PortID TLV leads to Denial of Service via a crafted lldp packet.
- CVE-2021-25846May 10, 2021risk 0.00cvss —epss 0.01
Improper validation of the ChassisID TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows attackers to cause a denial of service due to a negative number passed to the memcpy function via a crafted lldp packet.
- CVE-2021-25845May 10, 2021risk 0.00cvss —epss 0.01
Improper validation of the ChassisID TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows attackers to cause a denial of service due to a NULL pointer dereference via a crafted lldp packet.
- CVE-2021-25847May 10, 2021risk 0.00cvss —epss 0.01
Improper validation of the length field of LLDP-MED TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows information disclosure to attackers due to controllable loop counter variable via a crafted lldp packet.
- CVE-2021-25848May 10, 2021risk 0.00cvss —epss 0.01
Improper validation of the length field of LLDP-MED TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows information disclosure to attackers due to using fixed loop counter variable without checking the actual available length via a crafted lldp…
- CVE-2020-28144Feb 3, 2021risk 0.00cvss —epss 0.02
Certain Moxa Inc products are affected by an improper restriction of operations in EDR-G903 Series Firmware Version 5.5 or lower, EDR-G902 Series Firmware Version 5.5 or lower, and EDR-810 Series Firmware Version 5.6 or lower. Crafted requests sent to the device may allow remote…
- CVE-2020-25196Dec 23, 2020risk 0.00cvss —epss 0.01
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows SSH/Telnet sessions, which may be vulnerable to brute force attacks to bypass authentication.
- CVE-2020-25153Dec 23, 2020risk 0.00cvss —epss 0.01
The built-in web service for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower does not require users to have strong passwords.
- CVE-2020-25192Dec 23, 2020risk 0.00cvss —epss 0.01
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows sensitive information to be displayed without proper authorization.
- CVE-2020-25198Dec 23, 2020risk 0.00cvss —epss 0.01
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower has incorrectly implemented protections from session fixation, which may allow an attacker to gain access to a session and hijack it by stealing the user’s cookies.
- CVE-2020-25194Dec 23, 2020risk 0.00cvss —epss 0.01
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower has improper privilege management, which may allow an attacker with user privileges to perform requests with administrative privileges.
- CVE-2020-25190Dec 23, 2020risk 0.00cvss —epss 0.01
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower stores and transmits the credentials of third-party services in cleartext.
- CVE-2020-13537Nov 5, 2020risk 0.00cvss —epss 0.01
An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code to a script or replace a binary.By default MXViewService, which starts as a NT…
- CVE-2020-13536Nov 5, 2020risk 0.00cvss —epss 0.01
An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code to a script or replace a binary. By default MXViewService, which starts as a NT…
- CVE-2020-23639Nov 2, 2020risk 0.00cvss —epss 0.03
A command injection vulnerability exists in Moxa Inc VPort 461 Series Firmware Version 3.4 or lower that could allow a remote attacker to execute arbitrary commands in Moxa's VPort 461 Series Industrial Video Servers.
- CVE-2020-12117May 1, 2020risk 0.00cvss —epss 0.01
Moxa Service in Moxa NPort 5150A firmware version 1.5 and earlier allows attackers to obtain sensitive configuration values via a crafted packet to UDP port 4800. NOTE: Moxa Service is an unauthenticated service that runs upon a first-time installation but can be disabled…
- CVE-2020-6999Mar 26, 2020risk 0.00cvss —epss 0.01
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, some of the parameters in the setting pages do not ensure text is the correct size for its buffer.
- CVE-2020-6997Mar 24, 2020risk 0.00cvss —epss 0.01
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, sensitive information is transmitted over some web applications in cleartext.
- CVE-2020-6991Mar 24, 2020risk 0.00cvss —epss 0.01
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, weak password requirements may allow an attacker to gain access using brute force.
- CVE-2020-6981Mar 24, 2020risk 0.00cvss —epss 0.02
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, an attacker may gain access to the system without proper authentication.
- CVE-2020-6979Mar 24, 2020risk 0.00cvss —epss 0.01
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected products use a hard-coded cryptographic key, increasing the possibility that confidential data can be recovered.
- CVE-2020-7001Mar 24, 2020risk 0.00cvss —epss 0.01
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected products use a weak cryptographic algorithm, which may allow confidential information to be disclosed.
- CVE-2020-7007Mar 24, 2020risk 0.00cvss —epss 0.03
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the attacker may execute arbitrary codes or target the device, causing it to go out of service.
- CVE-2020-6993Mar 24, 2020risk 0.00cvss —epss 0.01
In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, an attacker can gain access to sensitive information from the web service without authorization.
- CVE-2020-6995Mar 24, 2020risk 0.00cvss —epss 0.01
In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the application utilizes weak password requirements, which may allow an attacker to gain unauthorized access.
- CVE-2020-6985Mar 24, 2020risk 0.00cvss —epss 0.02
In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, these devices use a hard-coded service code for access to the console.
- CVE-2020-6987Mar 24, 2020risk 0.00cvss —epss 0.01
In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the affected products use a weak cryptographic algorithm, which may allow confidential information to be disclosed.
- CVE-2020-6983Mar 24, 2020risk 0.00cvss —epss 0.01
In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the affected products use a hard-coded cryptographic key, which increases the possibility that confidential data can be recovered.
- CVE-2020-6989Mar 24, 2020risk 0.00cvss —epss 0.03
In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, a buffer overflow in the web server allows remote attackers to cause a denial-of-service condition or execute arbitrary code.
- CVE-2020-7003Mar 24, 2020risk 0.00cvss —epss 0.01
In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, sensitive information is transmitted over some web applications in clear text.
- CVE-2019-18242Mar 24, 2020risk 0.00cvss —epss 0.01
In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, frequent and multiple requests for short-term use may cause the web server to fail.
- CVE-2019-9098Mar 11, 2020risk 0.00cvss —epss 0.02
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. An Integer overflow in the built-in web server allows remote attackers to initiate DoS.
- CVE-2019-9096Mar 11, 2020risk 0.00cvss —epss 0.02
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. Insufficient password requirements for the MGate web application may allow an attacker to gain access by…
- CVE-2019-9104Mar 11, 2020risk 0.00cvss —epss 0.01
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. The application's configuration file contains parameters that represent passwords in cleartext.
- CVE-2019-9103Mar 11, 2020risk 0.00cvss —epss 0.01
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. An attacker can access sensitive information (e.g., conduct username disclosure attacks) on the built-in…
- CVE-2019-9097Mar 11, 2020risk 0.00cvss —epss 0.02
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. A high rate of transit traffic may cause a low-memory condition and a denial of service.
- CVE-2019-9102Mar 11, 2020risk 0.00cvss —epss 0.01
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. A predictable mechanism of generating tokens allows remote attackers to bypass the cross-site request…
- CVE-2019-9095Mar 11, 2020risk 0.00cvss —epss 0.01
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. An attacker may be able to intercept weakly encrypted passwords and gain administrative access.
- CVE-2019-9101Mar 11, 2020risk 0.00cvss —epss 0.01
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. Sensitive information is sent to the web server in cleartext, which may allow an attacker to discover the…
- CVE-2019-18238Feb 26, 2020risk 0.00cvss —epss 0.00
In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, sensitive information is stored in configuration files without encryption, which may allow an attacker to access an administrative account.
- CVE-2019-5139Feb 25, 2020risk 0.00cvss —epss 0.00
An exploitable use of hard-coded credentials vulnerability exists in multiple iw_* utilities of the Moxa AWK-3131A firmware version 1.13. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts.
- CVE-2019-5143Feb 25, 2020risk 0.00cvss —epss 0.05
An exploitable format string vulnerability exists in the iw_console conio_writestr functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted time server entry can cause an overflow of the time server buffer, resulting in remote code execution. An attacker…
- CVE-2019-5148Feb 25, 2020risk 0.00cvss —epss 0.03
An exploitable denial-of-service vulnerability exists in ServiceAgent functionality of the Moxa AWK-3131A, firmware version 1.13. A specially crafted packet can cause an integer underflow, triggering a large memcpy that will access unmapped or out-of-bounds memory. An attacker…
Page 5 of 7