VYPR

Vendor CVEs

Moxa

All CVEs

313 total · sorted by risk
  • CVE-2018-18396Oct 19, 2018
    risk 0.00cvss epss 0.02

    Remote Code Execution in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.

  • CVE-2018-18390Oct 19, 2018
    risk 0.00cvss epss 0.01

    User Enumeration in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.

  • CVE-2018-18392Oct 19, 2018
    risk 0.00cvss epss 0.01

    Privilege Escalation via Broken Access Control in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.

  • CVE-2018-18395Oct 19, 2018
    risk 0.00cvss epss 0.02

    Hidden Token Access in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.

  • CVE-2015-6466Sep 11, 2015
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Diagnosis Ping feature in the administrative web interface on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote attackers to inject arbitrary web script or HTML via an unspecified field.

  • CVE-2015-6465Sep 11, 2015
    risk 0.00cvss epss 0.02

    The GoAhead web server on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote authenticated users to cause a denial of service (reboot) via a crafted URL.

  • CVE-2015-6464Sep 11, 2015
    risk 0.00cvss epss 0.02

    The administrative web interface on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote authenticated users to bypass a read-only protection mechanism by using Firefox with a web-developer plugin.

  • CVE-2015-1000Jun 5, 2015
    risk 0.00cvss epss 0.03

    Stack-based buffer overflow in the OpenForIPCamTest method in the RTSPVIDEO.rtspvideoCtrl.1 (aka SStreamVideo) ActiveX control in Moxa SoftCMS before 1.3 allows remote attackers to execute arbitrary code via the StrRtspPath parameter.

  • CVE-2015-0986May 26, 2015
    risk 0.00cvss epss 0.02

    Multiple stack-based buffer overflows in Moxa VPort ActiveX SDK Plus before 2.8 allow remote attackers to insert assembly-code lines via vectors involving a regkey (1) set or (2) get command.

  • CVE-2012-3039Aug 9, 2013
    risk 0.00cvss epss 0.01

    Moxa OnCell Gateway G3111, G3151, G3211, and G3251 devices with firmware before 1.4 do not use a sufficient source of entropy for SSH and SSL keys, which makes it easier for remote attackers to obtain access by leveraging knowledge of a key from a product installation elsewhere.

  • CVE-2012-4712Feb 15, 2013
    risk 0.00cvss epss 0.02

    Moxa EDR-G903 series routers with firmware before 2.11 have a hardcoded account, which allows remote attackers to obtain unspecified device access via unknown vectors.

  • CVE-2012-4694Feb 15, 2013
    risk 0.00cvss epss 0.01

    Moxa EDR-G903 series routers with firmware before 2.11 do not use a sufficient source of entropy for (1) SSH and (2) SSL keys, which makes it easier for man-in-the-middle attackers to spoof a device or modify a client-server data stream by leveraging knowledge of a key from a…

  • CVE-2012-4577Aug 21, 2012
    risk 0.00cvss epss 0.04

    The Linux firmware image on (1) Korenix Jetport 5600 series serial-device servers and (2) ORing Industrial DIN-Rail serial-device servers has a hardcoded password of "password" for the root account, which allows remote attackers to obtain administrative access via an SSH session.

Page 7 of 7