Vulnerabilities (CVE)

Filtered by vendor Moxa Subscribe
Total 285 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-2283 1 Moxa 16 Ioadmin Firmware, Iologik E2210, Iologik E2210-t and 13 more 2024-02-28 5.0 MEDIUM 5.3 MEDIUM
Moxa ioLogik E2200 devices before 3.12 and ioAdmin Configuration Utility before 3.18 do not properly encrypt data, which makes it easier for remote attackers to obtain the associated cleartext via unspecified vectors.
CVE-2016-4514 1 Moxa 2 Pt-7728, Pt-7728 Firmware 2024-02-28 4.6 MEDIUM 7.7 HIGH
Moxa PT-7728 devices with software 3.4 build 15081113 allow remote authenticated users to change the configuration via vectors involving a local proxy.
CVE-2016-4503 1 Moxa 2 Device Server Web Console 5232-n, Device Server Web Console 5232-n Firmware 2024-02-28 5.0 MEDIUM 9.8 CRITICAL
Moxa Device Server Web Console 5232-N allows remote attackers to bypass authentication, and consequently modify settings and data, via vectors related to reading a cookie parameter containing a UserId value.
CVE-2016-2285 1 Moxa 10 Miineport E1 4641, Miineport E1 4641 Firmware, Miineport E1 7080 and 7 more 2024-02-28 6.8 MEDIUM 8.8 HIGH
Cross-site request forgery (CSRF) vulnerability on Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and MiiNePort E3 devices with firmware 1.0 Build 11071409 allows remote attackers to hijack the authentication of arbitrary users.
CVE-2016-0879 1 Moxa 2 Edr-g903, Edr-g903 Firmware 2024-02-28 7.8 HIGH 7.5 HIGH
Moxa Secure Router EDR-G903 devices before 3.4.12 do not delete copies of configuration and log files after completing the import function, which allows remote attackers to obtain sensitive information by requesting these files at an unspecified URL.
CVE-2015-0986 1 Moxa 1 Vport Activex Sdk Plus 2024-02-28 7.5 HIGH N/A
Multiple stack-based buffer overflows in Moxa VPort ActiveX SDK Plus before 2.8 allow remote attackers to insert assembly-code lines via vectors involving a regkey (1) set or (2) get command.
CVE-2016-4500 1 Moxa 2 Uc-7408 Lx-plus, Uc-7408 Lx-plus Firmware 2024-02-28 4.9 MEDIUM 5.8 MEDIUM
Moxa UC-7408 LX-Plus devices allow remote authenticated users to write to the firmware, and consequently render a device unusable, by leveraging root access.
CVE-2016-2295 1 Moxa 10 Miineport E1 4641, Miineport E1 4641 Firmware, Miineport E1 7080 and 7 more 2024-02-28 5.0 MEDIUM 7.5 HIGH
Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and MiiNePort E3 devices with firmware 1.0 Build 11071409 allow remote attackers to obtain sensitive cleartext information by reading a configuration file.
CVE-2016-5804 1 Moxa 10 Mgate Mb3170, Mgate Mb3170 Firmware, Mgate Mb3180 and 7 more 2024-02-28 5.0 MEDIUM 9.8 CRITICAL
Moxa MGate MB3180 before 1.8, MGate MB3280 before 2.7, MGate MB3480 before 2.6, MGate MB3170 before 2.5, and MGate MB3270 before 2.7 use weak encryption, which allows remote attackers to bypass authentication via a brute-force series of guesses for a parameter value.
CVE-2016-5792 1 Moxa 1 Softcms 2024-02-28 7.5 HIGH 9.8 CRITICAL
SQL injection vulnerability in Moxa SoftCMS before 1.5 allows remote attackers to execute arbitrary SQL commands via unspecified fields.
CVE-2016-0878 1 Moxa 2 Edr-g903, Edr-g903 Firmware 2024-02-28 7.8 HIGH 7.5 HIGH
Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to cause a denial of service (cold start) by sending two crafted ping requests.
CVE-2015-6464 1 Moxa 4 Eds-405a, Eds-405a Firmware, Eds-408a and 1 more 2024-02-28 8.5 HIGH N/A
The administrative web interface on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote authenticated users to bypass a read-only protection mechanism by using Firefox with a web-developer plugin.
CVE-2015-6465 1 Moxa 4 Eds-405a, Eds-405a Firmware, Eds-408a and 1 more 2024-02-28 6.8 MEDIUM N/A
The GoAhead web server on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote authenticated users to cause a denial of service (reboot) via a crafted URL.
CVE-2015-6481 1 Moxa 1 Oncell Central Manager 2024-02-28 7.5 HIGH 8.3 HIGH
The login function in the RequestController class in Moxa OnCell Central Manager before 2.2 has a hardcoded root password, which allows remote attackers to obtain administrative access via a login session.
CVE-2015-1000 1 Moxa 1 Softcms 2024-02-28 6.8 MEDIUM N/A
Stack-based buffer overflow in the OpenForIPCamTest method in the RTSPVIDEO.rtspvideoCtrl.1 (aka SStreamVideo) ActiveX control in Moxa SoftCMS before 1.3 allows remote attackers to execute arbitrary code via the StrRtspPath parameter.
CVE-2015-6466 1 Moxa 4 Eds-405a, Eds-405a Firmware, Eds-408a and 1 more 2024-02-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Diagnosis Ping feature in the administrative web interface on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote attackers to inject arbitrary web script or HTML via an unspecified field.
CVE-2016-5812 1 Moxa 7 Oncell G3001 Firmware, Oncell G3100v2, Oncell G3100v2 Firmware and 4 more 2024-02-28 2.1 LOW 3.3 LOW
Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and G3251 devices before 1.7 use cleartext password storage, which makes it easier for local users to obtain sensitive information by reading a configuration file.
CVE-2016-0877 1 Moxa 2 Edr-g903, Edr-g903 Firmware 2024-02-28 7.8 HIGH 7.5 HIGH
Memory leak on Moxa Secure Router EDR-G903 devices before 3.4.12 allows remote attackers to cause a denial of service (memory consumption) by executing the ping function.
CVE-2016-0876 1 Moxa 2 Edr-g903, Edr-g903 Firmware 2024-02-28 5.0 MEDIUM 7.5 HIGH
Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to discover cleartext passwords by reading a configuration file.
CVE-2016-5793 1 Moxa 1 Active Opc Server 2024-02-28 7.2 HIGH 8.8 HIGH
Unquoted Windows search path vulnerability in Moxa Active OPC Server before 2.4.19 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory.