Moxa

All CVEs

313 total · sorted by risk
  • CVE-2021-39278 · Sep 7, 2021
    risk 0.00 · cvss · epss 0.01

    Certain MOXA devices allow reflected XSS via the Config Import menu. This affects WAC-2004 1.7, WAC-1001 2.1, WAC-1001-T 2.1, OnCell G3470A-LTE-EU 1.7, OnCell G3470A-LTE-EU-T 1.7, TAP-323-EU-CT-T 1.3, TAP-323-US-CT-T 1.3, TAP-323-JP-CT-T 1.3, WDR-3124A-EU 2.3, WDR-3124A-EU-T…

  • CVE-2021-31989 · Aug 25, 2021
    risk 0.00 · cvss · epss 0.00

    A user with permission to log on to the machine hosting the AXIS Device Manager client could under certain conditions extract a memory dump from the built-in Windows Task Manager application. The memory dump may potentially contain credentials of connected Axis devices.

  • CVE-2021-33824 · Jun 18, 2021
    risk 0.00 · cvss · epss 0.02

    An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012. Attackers can use the slowhttptest tool to send incomplete HTTP requests, which can make the server keep waiting for the packet to finish the connection until its resources are exhausted. Then the web server is…

  • CVE-2021-33823 · Jun 18, 2021
    risk 0.00 · cvss · epss 0.02

    An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012. An attacker could send a huge number of TCP SYN packets to exhaust the web service's resources, causing a denial of service of the web server.

  • CVE-2020-27185 · May 14, 2021
    risk 0.00 · cvss · epss 0.01

    Cleartext transmission of sensitive information via Moxa Service in NPort IA5000A series serial devices. Successfully exploiting the vulnerability could enable attackers to read authentication data, device configuration, and other sensitive data transmitted over Moxa Service.

  • CVE-2020-27150 · May 14, 2021
    risk 0.00 · cvss · epss 0.01

    In multiple versions of NPort IA5000A Series, the result of exporting a device’s configuration contains the passwords of all users on the system and other sensitive data in the original form if “Pre-shared key” is not set.

  • CVE-2020-27149 · May 14, 2021
    risk 0.00 · cvss · epss 0.01

    By exploiting a vulnerability in NPort IA5150A/IA5250A Series before version 1.5, a user with “Read Only” privilege level can send requests via the web console to have the device’s configuration changed.

  • CVE-2021-25849 · May 10, 2021
    risk 0.00 · cvss · epss 0.01

    An integer underflow was discovered in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1; improper validation of the PortID TLV leads to denial of service via a crafted lldp packet.

  • CVE-2021-25846 · May 10, 2021
    risk 0.00 · cvss · epss 0.01

    Improper validation of the ChassisID TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows attackers to cause a denial of service due to a negative number passed to the memcpy function via a crafted lldp packet.

  • CVE-2021-25845 · May 10, 2021
    risk 0.00 · cvss · epss 0.01

    Improper validation of the ChassisID TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows attackers to cause a denial of service due to a NULL pointer dereference via a crafted lldp packet.

  • CVE-2021-25847 · May 10, 2021
    risk 0.00 · cvss · epss 0.01

    Improper validation of the length field of LLDP-MED TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows information disclosure to attackers due to a controllable loop counter variable via a crafted lldp packet.

  • CVE-2021-25848 · May 10, 2021
    risk 0.00 · cvss · epss 0.01

    Improper validation of the length field of LLDP-MED TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows information disclosure to attackers due to the use of a fixed loop counter variable without checking the actual available length via a crafted lldp…

  • CVE-2020-28144 · Feb 3, 2021
    risk 0.00 · cvss · epss 0.02

    Certain Moxa Inc products are affected by an improper restriction of operations in EDR-G903 Series Firmware Version 5.5 or lower, EDR-G902 Series Firmware Version 5.5 or lower, and EDR-810 Series Firmware Version 5.6 or lower. Crafted requests sent to the device may allow remote…

  • CVE-2020-25196 · Dec 23, 2020
    risk 0.00 · cvss · epss 0.01

    The built-in web server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows SSH/Telnet sessions, which may be vulnerable to brute force attacks to bypass authentication.

  • CVE-2020-25153 · Dec 23, 2020
    risk 0.00 · cvss · epss 0.01

    The built-in web service for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower does not require users to have strong passwords.

  • CVE-2020-25192 · Dec 23, 2020
    risk 0.00 · cvss · epss 0.01

    The built-in web server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows sensitive information to be displayed without proper authorization.

  • CVE-2020-25198 · Dec 23, 2020
    risk 0.00 · cvss · epss 0.01

    The built-in web server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower has incorrectly implemented protections from session fixation, which may allow an attacker to gain access to a session and hijack it by stealing the user’s cookies.

  • CVE-2020-25194 · Dec 23, 2020
    risk 0.00 · cvss · epss 0.01

    The built-in web server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower has improper privilege management, which may allow an attacker with user privileges to perform requests with administrative privileges.

  • CVE-2020-25190 · Dec 23, 2020
    risk 0.00 · cvss · epss 0.01

    The built-in web server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower stores and transmits the credentials of third-party services in cleartext.

  • CVE-2020-13537 · Nov 5, 2020
    risk 0.00 · cvss · epss 0.01

    An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code to a script or replace a binary. By default MXViewService, which starts as a NT…

  • CVE-2020-13536 · Nov 5, 2020
    risk 0.00 · cvss · epss 0.01

    An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code to a script or replace a binary. By default MXViewService, which starts as a NT…

  • CVE-2020-23639 · Nov 2, 2020
    risk 0.00 · cvss · epss 0.03

    A command injection vulnerability exists in Moxa Inc VPort 461 Series Firmware Version 3.4 or lower that could allow a remote attacker to execute arbitrary commands in Moxa's VPort 461 Series Industrial Video Servers.

  • CVE-2020-12117 · May 1, 2020
    risk 0.00 · cvss · epss 0.01

    Moxa Service in Moxa NPort 5150A firmware version 1.5 and earlier allows attackers to obtain sensitive configuration values via a crafted packet to UDP port 4800. NOTE: Moxa Service is an unauthenticated service that runs upon a first-time installation but can be disabled…

  • CVE-2020-6999 · Mar 26, 2020
    risk 0.00 · cvss · epss 0.01

    In Moxa EDS-G516E Series firmware, Version 5.2 or lower, some of the parameters in the setting pages do not ensure text is the correct size for its buffer.

  • CVE-2020-6997 · Mar 24, 2020
    risk 0.00 · cvss · epss 0.01

    In Moxa EDS-G516E Series firmware, Version 5.2 or lower, sensitive information is transmitted over some web applications in cleartext.

  • CVE-2020-6991 · Mar 24, 2020
    risk 0.00 · cvss · epss 0.01

    In Moxa EDS-G516E Series firmware, Version 5.2 or lower, weak password requirements may allow an attacker to gain access using brute force.

  • CVE-2020-6981 · Mar 24, 2020
    risk 0.00 · cvss · epss 0.02

    In Moxa EDS-G516E Series firmware, Version 5.2 or lower, an attacker may gain access to the system without proper authentication.

  • CVE-2020-6979 · Mar 24, 2020
    risk 0.00 · cvss · epss 0.01

    In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected products use a hard-coded cryptographic key, increasing the possibility that confidential data can be recovered.

  • CVE-2020-7001 · Mar 24, 2020
    risk 0.00 · cvss · epss 0.01

    In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected products use a weak cryptographic algorithm, which may allow confidential information to be disclosed.

  • CVE-2020-7007 · Mar 24, 2020
    risk 0.00 · cvss · epss 0.03

    In Moxa EDS-G516E Series firmware, Version 5.2 or lower, an attacker may execute arbitrary code or target the device, causing it to go out of service.

  • CVE-2020-6993 · Mar 24, 2020
    risk 0.00 · cvss · epss 0.01

    In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, an attacker can gain access to sensitive information from the web service without authorization.

  • CVE-2020-6995 · Mar 24, 2020
    risk 0.00 · cvss · epss 0.01

    In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the application utilizes weak password requirements, which may allow an attacker to gain unauthorized access.

  • CVE-2020-6985 · Mar 24, 2020
    risk 0.00 · cvss · epss 0.02

    In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, these devices use a hard-coded service code for access to the console.

  • CVE-2020-6987 · Mar 24, 2020
    risk 0.00 · cvss · epss 0.01

    In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the affected products use a weak cryptographic algorithm, which may allow confidential information to be disclosed.

  • CVE-2020-6983 · Mar 24, 2020
    risk 0.00 · cvss · epss 0.01

    In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the affected products use a hard-coded cryptographic key, which increases the possibility that confidential data can be recovered.

  • CVE-2020-6989 · Mar 24, 2020
    risk 0.00 · cvss · epss 0.03

    In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, a buffer overflow in the web server allows remote attackers to cause a denial-of-service condition or execute arbitrary code.

  • CVE-2020-7003 · Mar 24, 2020
    risk 0.00 · cvss · epss 0.01

    In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, sensitive information is transmitted over some web applications in clear text.

  • CVE-2019-18242 · Mar 24, 2020
    risk 0.00 · cvss · epss 0.01

    In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, frequent and multiple requests for short-term use may cause the web server to fail.

  • CVE-2019-9098 · Mar 11, 2020
    risk 0.00 · cvss · epss 0.02

    An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. An integer overflow in the built-in web server allows remote attackers to initiate DoS.

  • CVE-2019-9096 · Mar 11, 2020
    risk 0.00 · cvss · epss 0.02

    An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. Insufficient password requirements for the MGate web application may allow an attacker to gain access by…

  • CVE-2019-9104 · Mar 11, 2020
    risk 0.00 · cvss · epss 0.01

    An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. The application's configuration file contains parameters that represent passwords in cleartext.

  • CVE-2019-9103 · Mar 11, 2020
    risk 0.00 · cvss · epss 0.01

    An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. An attacker can access sensitive information (e.g., conduct username disclosure attacks) on the built-in…

  • CVE-2019-9097 · Mar 11, 2020
    risk 0.00 · cvss · epss 0.02

    An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. A high rate of transit traffic may cause a low-memory condition and a denial of service.

  • CVE-2019-9102 · Mar 11, 2020
    risk 0.00 · cvss · epss 0.01

    An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. A predictable mechanism of generating tokens allows remote attackers to bypass the cross-site request…

  • CVE-2019-9095 · Mar 11, 2020
    risk 0.00 · cvss · epss 0.01

    An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. An attacker may be able to intercept weakly encrypted passwords and gain administrative access.

  • CVE-2019-9101 · Mar 11, 2020
    risk 0.00 · cvss · epss 0.01

    An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. Sensitive information is sent to the web server in cleartext, which may allow an attacker to discover the…

  • CVE-2019-18238 · Feb 26, 2020
    risk 0.00 · cvss · epss 0.00

    In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, sensitive information is stored in configuration files without encryption, which may allow an attacker to access an administrative account.

  • CVE-2019-5139 · Feb 25, 2020
    risk 0.00 · cvss · epss 0.00

    An exploitable use of hard-coded credentials vulnerability exists in multiple iw_* utilities of the Moxa AWK-3131A firmware version 1.13. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts.

  • CVE-2019-5143 · Feb 25, 2020
    risk 0.00 · cvss · epss 0.05

    An exploitable format string vulnerability exists in the iw_console conio_writestr functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted time server entry can cause an overflow of the time server buffer, resulting in remote code execution. An attacker…

  • CVE-2019-5148 · Feb 25, 2020
    risk 0.00 · cvss · epss 0.03

    An exploitable denial-of-service vulnerability exists in ServiceAgent functionality of the Moxa AWK-3131A, firmware version 1.13. A specially crafted packet can cause an integer underflow, triggering a large memcpy that will access unmapped or out-of-bounds memory. An attacker…
