Vulnerabilities (CVE)

Filtered by vendor Moxa Subscribe
Total 285 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-7455 1 Moxa 1 Mxview 2024-11-21 5.0 MEDIUM 7.5 HIGH
Moxa MXView 2.8 allows remote attackers to read web server's private key file, no access control.
CVE-2017-5170 1 Moxa 1 Softnvr-ia Live View 2024-11-21 6.5 MEDIUM 7.2 HIGH
An Uncontrolled Search Path Element issue was discovered in Moxa SoftNVR-IA Live Viewer, Version 3.30.3122 and prior versions. An uncontrolled search path element (DLL Hijacking) vulnerability has been identified. To exploit this vulnerability, an attacker could rename a malicious DLL to meet the criteria of the application, and the application would not verify that the DLL is correct. The attacker needs to have administrative access to the default install location in order to plant the insecure DLL. Once loaded by the application, the DLL could run malicious code at the privilege level of the application.
CVE-2017-16727 1 Moxa 4 Nport W2150a, Nport W2150a Firmware, Nport W2250a and 1 more 2024-11-21 6.4 MEDIUM 9.1 CRITICAL
A Credentials Management issue was discovered in Moxa NPort W2150A versions prior to 1.11, and NPort W2250A versions prior to 1.11. The default password is empty on the device. An unauthorized user can access the device without a password. An unauthorized user has the ability to completely compromise the confidentiality and integrity of the wireless traffic.
CVE-2017-16719 1 Moxa 6 Nport 5110, Nport 5110 Firmware, Nport 5130 and 3 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
An Injection issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150 Version 3.7 and prior. An attacker may be able to inject packets that could potentially disrupt the availability of the device.
CVE-2017-16715 1 Moxa 6 Nport 5110, Nport 5110 Firmware, Nport 5130 and 3 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
An Information Exposure issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150 Version 3.7 and prior. An attacker may be able to exploit a flaw in the handling of Ethernet frame padding that may allow for information exposure.
CVE-2017-14459 1 Moxa 2 Awk-3131a, Awk-3131a Firmware 2024-11-21 10.0 HIGH 10.0 CRITICAL
An exploitable OS Command Injection vulnerability exists in the Telnet, SSH, and console login functionality of Moxa AWK-3131A Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client in firmware versions 1.4 to 1.7 (current). An attacker can inject commands via the username parameter of several services (SSH, Telnet, console), resulting in remote, unauthenticated, root-level operating system command execution.
CVE-2017-14439 1 Moxa 2 Edr-810, Edr-810 Firmware 2024-11-21 5.0 MEDIUM 7.5 HIGH
Exploitable denial of service vulnerabilities exists in the Service Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted packet can cause a denial of service. An attacker can send a large packet to 4001/tcp to trigger this vulnerability.
CVE-2017-14438 1 Moxa 2 Edr-810, Edr-810 Firmware 2024-11-21 5.0 MEDIUM 7.5 HIGH
Exploitable denial of service vulnerabilities exists in the Service Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted packet can cause a denial of service. An attacker can send a large packet to 4000/tcp to trigger this vulnerability.
CVE-2017-14437 1 Moxa 2 Edr-810, Edr-810 Firmware 2024-11-21 5.0 MEDIUM 7.5 HIGH
An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request to "/MOXA\_LOG.ini" without a cookie header to trigger this vulnerability.
CVE-2017-14436 1 Moxa 2 Edr-810, Edr-810 Firmware 2024-11-21 5.0 MEDIUM 7.5 HIGH
An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request to "/MOXA\_CFG2.ini" without a cookie header to trigger this vulnerability.
CVE-2017-14435 1 Moxa 2 Edr-810, Edr-810 Firmware 2024-11-21 5.0 MEDIUM 7.5 HIGH
An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request to "/MOXA\_CFG.ini" without a cookie header to trigger this vulnerability.
CVE-2017-14434 1 Moxa 2 Edr-810, Edr-810 Firmware 2024-11-21 9.0 HIGH 8.8 HIGH
An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the remoteNetmask0= parameter in the "/goform/net\_Web\_get_value" uri to trigger this vulnerability.
CVE-2017-14433 1 Moxa 2 Edr-810, Edr-810 Firmware 2024-11-21 9.0 HIGH 8.8 HIGH
An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the remoteNetwork0= parameter in the "/goform/net\_Web\_get_value" uri to trigger this vulnerability.
CVE-2017-14432 1 Moxa 2 Edr-810, Edr-810 Firmware 2024-11-21 9.0 HIGH 8.8 HIGH
An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the openvpnServer0_tmp= parameter in the "/goform/net\_Web\_get_value" uri to trigger this vulnerability.
CVE-2017-14030 1 Moxa 1 Mxview 2024-11-21 4.6 MEDIUM 7.8 HIGH
An issue was discovered in Moxa MXview v2.8 and prior. The unquoted service path escalation vulnerability could allow an authorized user with file access to escalate privileges by inserting arbitrary code into the unquoted service path.
CVE-2017-14028 1 Moxa 6 Nport 5110, Nport 5110 Firmware, Nport 5130 and 3 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
A Resource Exhaustion issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150 Version 3.7 and prior. An attacker may be able to exhaust memory resources by sending a large amount of TCP SYN packets.
CVE-2017-13703 1 Moxa 2 Eds-g512e, Eds-g512e Firmware 2024-11-21 7.8 HIGH 7.5 HIGH
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. A denial of service may occur.
CVE-2017-13702 1 Moxa 2 Eds-g512e, Eds-g512e Firmware 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. Cookies can be stolen, manipulated, and reused.
CVE-2017-13701 1 Moxa 2 Eds-g512e, Eds-g512e Firmware 2024-11-21 5.0 MEDIUM 9.8 CRITICAL
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The backup file contains sensitive information in a insecure way. There is no salt for password hashing. Indeed passwords are stored without being ciphered with a timestamped ciphering method.
CVE-2017-13700 1 Moxa 2 Eds-g512e, Eds-g512e Firmware 2024-11-21 3.5 LOW 4.8 MEDIUM
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. There is XSS in the administration interface.