Vendor CVEs
Moxa
All CVEs
313 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-18396 | | | 0.00 | — | 0.02 | | Oct 19, 2018 | Remote Code Execution in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. |
| CVE-2018-18390 | | | 0.00 | — | 0.01 | | Oct 19, 2018 | User Enumeration in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. |
| CVE-2018-18392 | | | 0.00 | — | 0.01 | | Oct 19, 2018 | Privilege Escalation via Broken Access Control in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. |
| CVE-2018-18395 | | | 0.00 | — | 0.02 | | Oct 19, 2018 | Hidden Token Access in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. |
| CVE-2015-6466 | | | 0.00 | — | 0.01 | | Sep 11, 2015 | Cross-site scripting (XSS) vulnerability in the Diagnosis Ping feature in the administrative web interface on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote attackers to inject arbitrary web script or HTML via an unspecified field. |
| CVE-2015-6465 | | | 0.00 | — | 0.02 | | Sep 11, 2015 | The GoAhead web server on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote authenticated users to cause a denial of service (reboot) via a crafted URL. |
| CVE-2015-6464 | | | 0.00 | — | 0.02 | | Sep 11, 2015 | The administrative web interface on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote authenticated users to bypass a read-only protection mechanism by using Firefox with a web-developer plugin. |
| CVE-2015-1000 | | | 0.00 | — | 0.03 | | Jun 5, 2015 | Stack-based buffer overflow in the OpenForIPCamTest method in the RTSPVIDEO.rtspvideoCtrl.1 (aka SStreamVideo) ActiveX control in Moxa SoftCMS before 1.3 allows remote attackers to execute arbitrary code via the StrRtspPath parameter. |
| CVE-2015-0986 | | | 0.00 | — | 0.02 | | May 26, 2015 | Multiple stack-based buffer overflows in Moxa VPort ActiveX SDK Plus before 2.8 allow remote attackers to insert assembly-code lines via vectors involving a regkey (1) set or (2) get command. |
| CVE-2012-3039 | | | 0.00 | — | 0.01 | | Aug 9, 2013 | Moxa OnCell Gateway G3111, G3151, G3211, and G3251 devices with firmware before 1.4 do not use a sufficient source of entropy for SSH and SSL keys, which makes it easier for remote attackers to obtain access by leveraging knowledge of a key from a product installation elsewhere. |
| CVE-2012-4712 | | | 0.00 | — | 0.02 | | Feb 15, 2013 | Moxa EDR-G903 series routers with firmware before 2.11 have a hardcoded account, which allows remote attackers to obtain unspecified device access via unknown vectors. |
| CVE-2012-4694 | | | 0.00 | — | 0.01 | | Feb 15, 2013 | Moxa EDR-G903 series routers with firmware before 2.11 do not use a sufficient source of entropy for (1) SSH and (2) SSL keys, which makes it easier for man-in-the-middle attackers to spoof a device or modify a client-server data stream by leveraging knowledge of a key from a… |
| CVE-2012-4577 | | | 0.00 | — | 0.04 | | Aug 21, 2012 | The Linux firmware image on (1) Korenix Jetport 5600 series serial-device servers and (2) ORing Industrial DIN-Rail serial-device servers has a hardcoded password of "password" for the root account, which allows remote attackers to obtain administrative access via an SSH session. |
Page 7 of 7