Vulnerabilities (CVE)

Filtered by vendor Moxa Subscribe
Total 285 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-5449 1 Moxa 8 Oncell G3110-hspa, Oncell G3110-hspa-t, Oncell G3110-hspa-t Firmware and 5 more 2024-02-28 3.3 LOW 6.5 MEDIUM
A NULL Pointer Dereference issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. The application does not check for a NULL value, allowing for an attacker to perform a denial of service attack.
CVE-2017-14459 1 Moxa 2 Awk-3131a, Awk-3131a Firmware 2024-02-28 10.0 HIGH 9.8 CRITICAL
An exploitable OS Command Injection vulnerability exists in the Telnet, SSH, and console login functionality of Moxa AWK-3131A Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client in firmware versions 1.4 to 1.7 (current). An attacker can inject commands via the username parameter of several services (SSH, Telnet, console), resulting in remote, unauthenticated, root-level operating system command execution.
CVE-2016-8717 1 Moxa 2 Awk-3131a, Awk-3131a Firmware 2024-02-28 10.0 HIGH 9.8 CRITICAL
An exploitable Use of Hard-coded Credentials vulnerability exists in the Moxa AWK-3131A Wireless Access Point running firmware 1.1. The device operating system contains an undocumented, privileged (root) account with hard-coded credentials, giving attackers full control of affected devices.
CVE-2017-12125 1 Moxa 2 Edr-810, Edr-810 Firmware 2024-02-28 9.0 HIGH 8.8 HIGH
An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the CN= parm in the "/goform/net_WebCSRGen" uri to trigger this vulnerability.
CVE-2017-12129 1 Moxa 2 Edr-810, Edr-810 Firmware 2024-02-28 2.9 LOW 8.0 HIGH
An exploitable Weak Cryptography for Passwords vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. An attacker could intercept weakly encrypted passwords and could brute force them.
CVE-2017-12120 1 Moxa 2 Edr-810, Edr-810 Firmware 2024-02-28 9.0 HIGH 8.8 HIGH
An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation, resulting in a root shell. An attacker can inject OS commands into the ip= parm in the "/goform/net_WebPingGetValue" URI to trigger this vulnerability.
CVE-2017-12126 1 Moxa 2 Edr-810, Edr-810 Firmware 2024-02-28 6.8 MEDIUM 8.8 HIGH
An exploitable cross-site request forgery vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP packet can cause cross-site request forgery. An attacker can create malicious HTML to trigger this vulnerability.
CVE-2017-14439 1 Moxa 2 Edr-810, Edr-810 Firmware 2024-02-28 5.0 MEDIUM 7.5 HIGH
Exploitable denial of service vulnerabilities exists in the Service Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted packet can cause a denial of service. An attacker can send a large packet to 4001/tcp to trigger this vulnerability.
CVE-2017-14436 1 Moxa 2 Edr-810, Edr-810 Firmware 2024-02-28 5.0 MEDIUM 7.5 HIGH
An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request to "/MOXA\_CFG2.ini" without a cookie header to trigger this vulnerability.
CVE-2017-12128 1 Moxa 2 Edr-810, Edr-810 Firmware 2024-02-28 5.0 MEDIUM 7.5 HIGH
An exploitable information disclosure vulnerability exists in the Server Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted TCP packet can cause information disclosure. An attacker can send a crafted TCP packet to trigger this vulnerability.
CVE-2017-14432 1 Moxa 2 Edr-810, Edr-810 Firmware 2024-02-28 9.0 HIGH 8.8 HIGH
An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the openvpnServer0_tmp= parameter in the "/goform/net\_Web\_get_value" uri to trigger this vulnerability.
CVE-2017-14438 1 Moxa 2 Edr-810, Edr-810 Firmware 2024-02-28 5.0 MEDIUM 7.5 HIGH
Exploitable denial of service vulnerabilities exists in the Service Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted packet can cause a denial of service. An attacker can send a large packet to 4000/tcp to trigger this vulnerability.
CVE-2017-14433 1 Moxa 2 Edr-810, Edr-810 Firmware 2024-02-28 9.0 HIGH 8.8 HIGH
An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the remoteNetwork0= parameter in the "/goform/net\_Web\_get_value" uri to trigger this vulnerability.
CVE-2017-12127 1 Moxa 2 Edr-810, Edr-810 Firmware 2024-02-28 2.1 LOW 4.4 MEDIUM
A password storage vulnerability exists in the operating system functionality of Moxa EDR-810 V4.1 build 17030317. An attacker with shell access could extract passwords in clear text from the device.
CVE-2017-14435 1 Moxa 2 Edr-810, Edr-810 Firmware 2024-02-28 5.0 MEDIUM 7.5 HIGH
An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request to "/MOXA\_CFG.ini" without a cookie header to trigger this vulnerability.
CVE-2017-5170 1 Moxa 1 Softnvr-ia Live View 2024-02-28 6.5 MEDIUM 7.2 HIGH
An Uncontrolled Search Path Element issue was discovered in Moxa SoftNVR-IA Live Viewer, Version 3.30.3122 and prior versions. An uncontrolled search path element (DLL Hijacking) vulnerability has been identified. To exploit this vulnerability, an attacker could rename a malicious DLL to meet the criteria of the application, and the application would not verify that the DLL is correct. The attacker needs to have administrative access to the default install location in order to plant the insecure DLL. Once loaded by the application, the DLL could run malicious code at the privilege level of the application.
CVE-2017-12729 1 Moxa 1 Softcms Lab View 2024-02-28 7.5 HIGH 9.8 CRITICAL
A SQL Injection issue was discovered in Moxa SoftCMS Live Viewer through 1.6. An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability has been identified. Attackers can exploit this vulnerability to access SoftCMS without knowing the user's password.
CVE-2018-5453 1 Moxa 8 Oncell G3110-hspa, Oncell G3110-hspa-t, Oncell G3110-hspa-t Firmware and 5 more 2024-02-28 7.8 HIGH 7.5 HIGH
An Improper Handling of Length Parameter Inconsistency issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. An attacker may be able to edit the element of an HTTP request, causing the device to become unavailable.
CVE-2017-14434 1 Moxa 2 Edr-810, Edr-810 Firmware 2024-02-28 9.0 HIGH 8.8 HIGH
An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the remoteNetmask0= parameter in the "/goform/net\_Web\_get_value" uri to trigger this vulnerability.
CVE-2017-12123 1 Moxa 2 Edr-810, Edr-810 Firmware 2024-02-28 3.3 LOW 8.8 HIGH
An exploitable clear text transmission of password vulnerability exists in the web server and telnet functionality of Moxa EDR-810 V4.1 build 17030317. An attacker can look at network traffic to get the admin password for the device. The attacker can then use the credentials to login as admin.