Filtered by vendor Moxa
Subscribe
Total
285 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-33235 | 1 Moxa | 1 Mxsecurity | 2024-11-21 | N/A | 7.2 HIGH |
MXsecurity version 1.0 is vulnearble to command injection vulnerability. This vulnerability has been reported in the SSH CLI program, which can be exploited by attackers who have gained authorization privileges. The attackers can break out of the restricted shell and subsequently execute arbitrary code. | |||||
CVE-2023-28697 | 1 Moxa | 2 Miineport E1, Miineport E1 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
Moxa MiiNePort E1 has a vulnerability of insufficient access control. An unauthenticated remote user can exploit this vulnerability to perform arbitrary system operation or disrupt service. | |||||
CVE-2023-1257 | 1 Moxa | 108 Uc-2101-lx, Uc-2101-lx Firmware, Uc-2102-lx and 105 more | 2024-11-21 | N/A | 7.6 HIGH |
An attacker with physical access to the affected Moxa UC Series devices can initiate a restart of the device and gain access to its BIOS. Command line options can then be altered, allowing the attacker to access the terminal. From the terminal, the attacker can modify the device’s authentication files to create a new user and gain full access to the system. | |||||
CVE-2022-41313 | 1 Moxa | 4 Sds-3008, Sds-3008-t, Sds-3008-t Firmware and 1 more | 2024-11-21 | N/A | 5.4 MEDIUM |
A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability.Form field id="switch_contact" | |||||
CVE-2022-41312 | 1 Moxa | 4 Sds-3008, Sds-3008-t, Sds-3008-t Firmware and 1 more | 2024-11-21 | N/A | 5.4 MEDIUM |
A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability.Form field id="Switch Description", name "switch_description" | |||||
CVE-2022-41311 | 1 Moxa | 4 Sds-3008, Sds-3008-t, Sds-3008-t Firmware and 1 more | 2024-11-21 | N/A | 5.4 MEDIUM |
A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability.Form field id="webLocationMessage_text" name="webLocationMessage_text" | |||||
CVE-2022-40693 | 1 Moxa | 4 Sds-3008, Sds-3008-t, Sds-3008-t Firmware and 1 more | 2024-11-21 | N/A | 7.5 HIGH |
A cleartext transmission vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted network sniffing can lead to a disclosure of sensitive information. An attacker can sniff network traffic to trigger this vulnerability. | |||||
CVE-2022-40691 | 1 Moxa | 4 Sds-3008, Sds-3008-t, Sds-3008-t Firmware and 1 more | 2024-11-21 | N/A | 5.3 MEDIUM |
An information disclosure vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability. | |||||
CVE-2022-40224 | 1 Moxa | 4 Sds-3008, Sds-3008-t, Sds-3008-t Firmware and 1 more | 2024-11-21 | N/A | 7.5 HIGH |
A denial of service vulnerability exists in the web server functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP message header can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. | |||||
CVE-2022-3088 | 2 Debian, Moxa | 129 Debian Linux, Aig-301-ap-azu-lx, Aig-301-ap-azu-lx Firmware and 126 more | 2024-11-21 | N/A | 7.8 HIGH |
UC-8100A-ME-T System Image: Versions v1.0 to v1.6, UC-2100 System Image: Versions v1.0 to v1.12, UC-2100-W System Image: Versions v1.0 to v 1.12, UC-3100 System Image: Versions v1.0 to v1.6, UC-5100 System Image: Versions v1.0 to v1.4, UC-8100 System Image: Versions v3.0 to v3.5, UC-8100-ME-T System Image: Versions v3.0 and v3.1, UC-8200 System Image: v1.0 to v1.5, AIG-300 System Image: v1.0 to v1.4, UC-8410A with Debian 9 System Image: Versions v4.0.2 and v4.1.2, UC-8580 with Debian 9 System Image: Versions v2.0 and v2.1, UC-8540 with Debian 9 System Image: Versions v2.0 and v2.1, and DA-662C-16-LX (GLB) System Image: Versions v1.0.2 to v1.1.2 of Moxa's ARM-based computers have an execution with unnecessary privileges vulnerability, which could allow an attacker with user-level privileges to gain root privileges. | |||||
CVE-2022-3086 | 1 Moxa | 100 Uc-2101-lx, Uc-2101-lx Firmware, Uc-2102-lx and 97 more | 2024-11-21 | N/A | 7.1 HIGH |
Cradlepoint IBR600 NCOS versions 6.5.0.160bc2e and prior are vulnerable to shell escape, which enables local attackers with non-superuser credentials to gain full, unrestrictive shell access which may allow an attacker to execute arbitrary code. | |||||
CVE-2022-2044 | 1 Moxa | 2 Nport 5110, Nport 5110 Firmware | 2024-11-21 | N/A | 8.2 HIGH |
MOXA NPort 5110: Firmware Versions 2.10 is vulnerable to an out-of-bounds write that may allow an attacker to overwrite values in memory, causing a denial-of-service condition or potentially bricking the device. | |||||
CVE-2022-2043 | 1 Moxa | 2 Nport 5110, Nport 5110 Firmware | 2024-11-21 | N/A | 7.5 HIGH |
MOXA NPort 5110: Firmware Versions 2.10 is vulnerable to an out-of-bounds write that can cause the device to become unresponsive. | |||||
CVE-2022-27048 | 1 Moxa | 40 Mgate Mb3170, Mgate Mb3170-m-sc, Mgate Mb3170-m-sc-t and 37 more | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
A vulnerability has been discovered in Moxa MGate which allows an attacker to perform a man-in-the-middle (MITM) attack on the device. This affects MGate MB3170 Series Firmware Version 4.2 or lower. and MGate MB3270 Series Firmware Version 4.2 or lower. and MGate MB3280 Series Firmware Version 4.1 or lower. and MGate MB3480 Series Firmware Version 3.2 or lower. | |||||
CVE-2021-4161 | 1 Moxa | 6 Mgate Mb3180, Mgate Mb3180 Firmware, Mgate Mb3280 and 3 more | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
The affected products contain vulnerable firmware, which could allow an attacker to sniff the traffic and decrypt login credential details. This could give an attacker admin rights through the HTTP web server. | |||||
CVE-2021-46560 | 1 Moxa | 2 Tn-5900, Tn-5900 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The firmware on Moxa TN-5900 devices through 3.1 allows command injection that could lead to device damage. | |||||
CVE-2021-46559 | 1 Moxa | 2 Tn-5900, Tn-5900 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The firmware on Moxa TN-5900 devices through 3.1 has a weak algorithm that allows an attacker to defeat an inspection mechanism for integrity protection. | |||||
CVE-2021-46082 | 1 Moxa | 12 Mgate 5101-pbm-mn, Mgate 5101-pbm-mn-t, Mgate 5101-pbm-mn-t Firmware and 9 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
Moxa TN-5900 v3.1 series routers, MGate 5109 v2.2 series protocol gateways, and MGate 5101-PBM-MN v2.1 series protocol gateways were discovered to contain a memory leak which allows attackers to cause a Denial of Service (DoS) via crafted packets. | |||||
CVE-2021-40392 | 1 Moxa | 1 Mxview | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
An information disclosure vulnerability exists in the Web Application functionality of Moxa MXView Series 3.2.4. Network sniffing can lead to a disclosure of sensitive information. An attacker can sniff network traffic to exploit this vulnerability. | |||||
CVE-2021-40390 | 1 Moxa | 1 Mxview | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An authentication bypass vulnerability exists in the Web Application functionality of Moxa MXView Series 3.2.4. A specially-crafted HTTP request can lead to unauthorized access. An attacker can send an HTTP request to trigger this vulnerability. |