Vendor CVEs
Moxa
All CVEs
313 total · sorted by risk

| CVE | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2019-5165 | 0.00 | — | 0.02 | Feb 25, 2020 | An exploitable authentication bypass vulnerability exists in the hostname processing of the Moxa AWK-3131A firmware version 1.13. A specially configured device hostname can cause the device to interpret select remote traffic as local traffic, resulting in a bypass of web… |
| CVE-2019-5153 | 0.00 | — | 0.05 | Feb 25, 2020 | An exploitable remote code execution vulnerability exists in the iw_webs configuration parsing functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause an overflow of an error message buffer, resulting in remote code execution. An… |
| CVE-2019-5162 | 0.00 | — | 0.03 | Feb 25, 2020 | An exploitable improper access control vulnerability exists in the iw_webs account settings functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell… |
| CVE-2019-5137 | 0.00 | — | 0.02 | Feb 25, 2020 | The usage of hard-coded cryptographic keys within the ServiceAgent binary allows for the decryption of captured traffic across the network from or to the Moxa AWK-3131A firmware version 1.13. |
| CVE-2019-5138 | 0.00 | — | 0.05 | Feb 25, 2020 | An exploitable command injection vulnerability exists in encrypted diagnostic script functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file can cause arbitrary busybox commands to be executed, resulting in remote control over the… |
| CVE-2019-5136 | 0.00 | — | 0.02 | Feb 25, 2020 | An exploitable privilege escalation vulnerability exists in the iw_console functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted menu selection string can cause an escape from the restricted console, resulting in system access as the root user. An… |
| CVE-2019-5142 | 0.00 | — | 0.07 | Feb 25, 2020 | An exploitable command injection vulnerability exists in the hostname functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted entry to network configuration information can cause execution of arbitrary system commands, resulting in full control of the… |
| CVE-2019-5141 | 0.00 | — | 0.05 | Feb 25, 2020 | An exploitable command injection vulnerability exists in the iw_webs functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted iw_serverip parameter can cause user input to be reflected in a subsequent iw_system call, resulting in remote control over the… |
| CVE-2019-5140 | 0.00 | — | 0.03 | Feb 25, 2020 | An exploitable command injection vulnerability exists in the iw_webs functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file name can cause user input to be reflected in a subsequent iw_system call, resulting in remote control over the… |
| CVE-2019-19707 | 0.00 | — | 0.01 | Dec 11, 2019 | On Moxa EDS-G508E, EDS-G512E, and EDS-G516E devices (with firmware through 6.0), denial of service can occur via PROFINET DCE-RPC endpoint discovery packets. |
| CVE-2018-11420 | 0.00 | — | 0.02 | Jul 3, 2019 | There is Memory corruption in the web interface of Moxa OnCell G3100-HSPA Series version 1.5 Build 17042015 and prior, a different vulnerability than CVE-2018-11423. |
| CVE-2018-11421 | 0.00 | — | 0.01 | Jul 3, 2019 | Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use a proprietary monitoring protocol that does not provide confidentiality, integrity, and authenticity security controls. All information is sent in plain text, and can be intercepted and modified. The protocol… |
| CVE-2018-11422 | 0.00 | — | 0.01 | Jul 3, 2019 | Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use a proprietary configuration protocol that does not provide confidentiality, integrity, and authenticity security controls. All information is sent in plain text, and can be intercepted and modified. Any… |
| CVE-2018-11423 | 0.00 | — | 0.01 | Jul 3, 2019 | There is Memory corruption in the web interface Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior, different vulnerability than CVE-2018-11420. |
| CVE-2018-11424 | 0.00 | — | 0.01 | Jul 3, 2019 | There is Memory corruption in the web interface of Moxa OnCell G3470A-LTE Series version 1.6 Build 18021314 and prior, a different vulnerability than CVE-2018-11425. |
| CVE-2018-11425 | 0.00 | — | 0.02 | Jul 3, 2019 | Memory corruption issue was discovered in Moxa OnCell G3470A-LTE Series version 1.6 Build 18021314 and prior, a different vulnerability than CVE-2018-11424. |
| CVE-2018-11426 | 0.00 | — | 0.02 | Jul 3, 2019 | A weak Cookie parameter is used in the web application of Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. An attacker can brute force parameters required to bypass authentication and access the web interface to use all its functions except for password change. |
| CVE-2018-11427 | 0.00 | — | 0.01 | Jul 3, 2019 | CSRF tokens are not used in the web application of Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior, which makes it possible to perform CSRF attacks on the device administrator. |
| CVE-2018-10703 | 0.00 | — | 0.03 | Jun 7, 2019 | An issue was discovered on Moxa AWK-3121 1.14 devices. It provides functionality so that an administrator can run scripts on the device to troubleshoot any issues. However, the same functionality allows an attacker to execute commands on the device. The POST parameter… |
| CVE-2018-10702 | 0.00 | — | 0.05 | Jun 7, 2019 | An issue was discovered on Moxa AWK-3121 1.14 devices. It provides functionality so that an administrator can run scripts on the device to troubleshoot any issues. However, the same functionality allows an attacker to execute commands on the device. The POST parameter… |
| CVE-2018-10701 | 0.00 | — | 0.03 | Jun 7, 2019 | An issue was discovered on Moxa AWK-3121 1.14 devices. It provides functionality so that an administrator can run scripts on the device to troubleshoot any issues. However, the same functionality allows an attacker to execute commands on the device. The POST parameter… |
| CVE-2018-10700 | 0.00 | — | 0.39 | Jun 7, 2019 | An issue was discovered on Moxa AWK-3121 1.19 devices. It provides functionality so that an administrator can change the name of the device. However, the same functionality allows an attacker to execute XSS by injecting an XSS payload. The POST parameter "iw_board_deviceName" is… |
| CVE-2018-10699 | 0.00 | — | 0.02 | Jun 7, 2019 | An issue was discovered on Moxa AWK-3121 1.14 devices. The Moxa AWK 3121 provides certfile upload functionality so that an administrator can upload a certificate file used for connecting to the wireless network. However, the same functionality allows an attacker to execute… |
| CVE-2018-10698 | 0.00 | — | 0.02 | Jun 7, 2019 | An issue was discovered on Moxa AWK-3121 1.14 devices. The device enables an unencrypted TELNET service by default. This allows an attacker who has been able to gain an MITM position to easily sniff the traffic between the device and the user. Also an attacker can easily connect… |
| CVE-2018-10697 | 0.00 | — | 0.04 | Jun 7, 2019 | An issue was discovered on Moxa AWK-3121 1.14 devices. The Moxa AWK 3121 provides ping functionality so that an administrator can execute ICMP calls to check if the network is working correctly. However, the same functionality allows an attacker to execute commands on the… |
| CVE-2018-10696 | 0.00 | — | 0.01 | Jun 7, 2019 | An issue was discovered on Moxa AWK-3121 1.14 devices. The device provides a web interface to allow an administrator to manage the device. However, this interface is not protected against CSRF attacks, which allows an attacker to trick an administrator into executing actions… |
| CVE-2018-10695 | 0.00 | — | 0.03 | Jun 7, 2019 | An issue was discovered on Moxa AWK-3121 1.14 devices. It provides alert functionality so that an administrator can send emails to his/her account when there are changes to the device's network. However, the same functionality allows an attacker to execute commands on the… |
| CVE-2018-10694 | 0.00 | — | 0.01 | Jun 7, 2019 | An issue was discovered on Moxa AWK-3121 1.14 devices. The device provides a Wi-Fi connection that is open and does not use any encryption mechanism by default. An administrator who uses the open wireless connection to set up the device can allow an attacker to sniff the traffic… |
| CVE-2018-10693 | 0.00 | — | 0.03 | Jun 7, 2019 | An issue was discovered on Moxa AWK-3121 1.14 devices. It provides ping functionality so that an administrator can execute ICMP calls to check if the network is working correctly. However, the same functionality allows an attacker to execute commands on the device. The POST… |
| CVE-2018-10692 | 0.00 | — | 0.01 | Jun 7, 2019 | An issue was discovered on Moxa AWK-3121 1.14 devices. The session cookie "Password508" does not have an HttpOnly flag. This allows an attacker who is able to execute a cross-site scripting attack to steal the cookie very easily. |
| CVE-2018-10691 | 0.00 | — | 0.02 | Jun 7, 2019 | An issue was discovered on Moxa AWK-3121 1.14 devices. It is intended that an administrator can download /systemlog.log (the system log). However, the same functionality allows an attacker to download the file without any authentication or authorization. |
| CVE-2018-10690 | 0.00 | — | 0.01 | Jun 7, 2019 | An issue was discovered on Moxa AWK-3121 1.14 devices. The device by default allows HTTP traffic thus providing an insecure communication mechanism for a user connecting to the web server. This allows an attacker to sniff the traffic easily and allows an attacker to compromise… |
| CVE-2019-6526 | 0.00 | — | 0.01 | Apr 12, 2019 | Moxa IKS-G6824A series Versions 4.5 and prior, EDS-405A series Version 3.8 and prior, EDS-408A series Version 3.8 and prior, and EDS-510A series Version 3.8 and prior use plaintext transmission of sensitive data, which may allow an attacker to capture sensitive data such as an… |
| CVE-2015-6458 | 0.00 | — | 0.03 | Mar 21, 2019 | Moxa SoftCMS 1.3 and prior is susceptible to a buffer overflow condition that may crash or allow remote code execution. Moxa released SoftCMS version 1.4 on June 1, 2015, to address the vulnerability. |
| CVE-2015-6457 | 0.00 | — | 0.03 | Mar 21, 2019 | Moxa SoftCMS 1.3 and prior is susceptible to a buffer overflow condition that may crash or allow remote code execution. Moxa released SoftCMS version 1.4 on June 1, 2015, to address the vulnerability. |
| CVE-2016-5819 | 0.00 | — | 0.01 | Mar 21, 2019 | Moxa G3100V2 Series, editions prior to Version 2.8, and OnCell G3111/G3151/G3211/G3251 Series, editions prior to Version 1.7 allows a reflected cross-site scripting attack which may allow an attacker to execute arbitrary script code in the user’s browser within the trust… |
| CVE-2019-6561 | 0.00 | — | 0.01 | Mar 5, 2019 | Cross-site request forgery has been identified in Moxa IKS and EDS, which may allow for the execution of unauthorized actions on the device. |
| CVE-2019-6559 | 0.00 | — | 0.02 | Mar 5, 2019 | Moxa IKS and EDS allow remote authenticated users to cause a denial of service via a specially crafted packet, which may cause the switch to crash. |
| CVE-2019-6563 | 0.00 | — | 0.02 | Mar 5, 2019 | Moxa IKS and EDS generate a predictable cookie calculated with an MD5 hash, allowing an attacker to capture the administrator's password, which could lead to a full compromise of the device. |
| CVE-2019-6524 | 0.00 | — | 0.03 | Mar 5, 2019 | Moxa IKS and EDS do not implement sufficient measures to prevent multiple failed authentication attempts, which may allow an attacker to discover passwords via brute force attack. |
| CVE-2019-6565 | 0.00 | — | 0.01 | Mar 5, 2019 | Moxa IKS and EDS fails to properly validate user input, giving unauthenticated and authenticated attackers the ability to perform XSS attacks, which may be used to send a malicious script. |
| CVE-2019-6520 | 0.00 | — | 0.02 | Mar 5, 2019 | Moxa IKS and EDS does not properly check authority on server side, which results in a read-only user being able to perform arbitrary configuration changes. |
| CVE-2019-6518 | 0.00 | — | 0.01 | Mar 5, 2019 | Moxa IKS and EDS store plaintext passwords, which may allow sensitive information to be read by someone with access to the device. |
| CVE-2019-6522 | 0.00 | — | 0.03 | Mar 5, 2019 | Moxa IKS and EDS fails to properly check array bounds which may allow an attacker to read device memory on arbitrary addresses, and may allow an attacker to retrieve sensitive data or cause device reboot. |
| CVE-2019-8372 | 0.00 | — | 0.01 | Feb 18, 2019 | The LHA.sys driver before 1.1.1811.2101 in LG Device Manager exposes functionality that allows low-privileged users to read and write arbitrary physical memory via specially crafted IOCTL requests and elevate system privileges. This occurs because the device object has an… |
| CVE-2018-19659 | 0.00 | — | 0.04 | Dec 6, 2018 | An exploitable authenticated command-injection vulnerability exists in the web server functionality of Moxa NPort W2x50A products with firmware before 2.2 Build_18082311. A specially crafted HTTP POST request to /goform/net_WebPingGetValue can result in running OS commands as… |
| CVE-2018-19660 | 0.00 | — | 0.31 | Dec 6, 2018 | An exploitable authenticated command-injection vulnerability exists in the web server functionality of Moxa NPort W2x50A products with firmware before 2.2 Build_18082311. A specially crafted HTTP POST request to /goform/webSettingProfileSecurity can result in running OS commands… |
| CVE-2018-18390 | 0.00 | — | 0.01 | Oct 19, 2018 | User Enumeration in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. |
| CVE-2018-18396 | 0.00 | — | 0.02 | Oct 19, 2018 | Remote Code Execution in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. |
| CVE-2018-18395 | 0.00 | — | 0.02 | Oct 19, 2018 | Hidden Token Access in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. |
Page 6 of 7