Vulnerabilities (CVE)

Filtered by vendor Moxa Subscribe
Total 285 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-33824 1 Moxa 2 Mgate Mb3180, Mgate Mb3180 Firmware 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012. Attackers can use slowhttptest tool to send incomplete HTTP request, which could make server keep waiting for the packet to finish the connection, until its resource exhausted. Then the web server is denial-of-service.
CVE-2021-33823 1 Moxa 2 Mgate Mb3180, Mgate Mb3180 Firmware 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012. Attacker could send a huge amount of TCP SYN packet to make web service's resource exhausted. Then the web server is denial-of-service.
CVE-2021-32976 1 Moxa 8 Nport Iaw5150a-12i\/o, Nport Iaw5150a-12i\/o Firmware, Nport Iaw5150a-6i\/o and 5 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
Five buffer overflows in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier may allow a remote attacker to initiate a denial-of-service attack and execute arbitrary code.
CVE-2021-32974 1 Moxa 8 Nport Iaw5150a-12i\/o, Nport Iaw5150a-12i\/o Firmware, Nport Iaw5150a-6i\/o and 5 more 2024-11-21 10.0 HIGH 9.8 CRITICAL
Improper input validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier may allow a remote attacker to execute commands.
CVE-2021-32970 1 Moxa 8 Nport Iaw5150a-12i\/o, Nport Iaw5150a-12i\/o Firmware, Nport Iaw5150a-6i\/o and 5 more 2024-11-21 7.8 HIGH 7.5 HIGH
Data can be copied without validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier, which may allow a remote attacker to cause denial-of-service conditions.
CVE-2021-32968 1 Moxa 8 Nport Iaw5150a-12i\/o, Nport Iaw5150a-12i\/o Firmware, Nport Iaw5150a-6i\/o and 5 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
Two buffer overflows in the built-in web server in Moxa NPort IAW5000A-I/O Series firmware version 2.2 or earlier may allow a remote attacker to cause a denial-of-service condition.
CVE-2021-25849 1 Moxa 32 Vport 06ec-2v26m, Vport 06ec-2v26m Firmware, Vport 06ec-2v36m-ct and 29 more 2024-11-21 7.8 HIGH 7.5 HIGH
An integer underflow was discovered in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, improper validation of the PortID TLV leads to Denial of Service via a crafted lldp packet.
CVE-2021-25848 1 Moxa 32 Vport 06ec-2v26m, Vport 06ec-2v26m Firmware, Vport 06ec-2v36m-ct and 29 more 2024-11-21 8.5 HIGH 9.1 CRITICAL
Improper validation of the length field of LLDP-MED TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows information disclosure to attackers due to using fixed loop counter variable without checking the actual available length via a crafted lldp packet.
CVE-2021-25847 1 Moxa 32 Vport 06ec-2v26m, Vport 06ec-2v26m Firmware, Vport 06ec-2v36m-ct and 29 more 2024-11-21 8.5 HIGH 9.1 CRITICAL
Improper validation of the length field of LLDP-MED TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows information disclosure to attackers due to controllable loop counter variable via a crafted lldp packet.
CVE-2021-25846 1 Moxa 32 Vport 06ec-2v26m, Vport 06ec-2v26m Firmware, Vport 06ec-2v36m-ct and 29 more 2024-11-21 7.8 HIGH 7.5 HIGH
Improper validation of the ChassisID TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows attackers to cause a denial of service due to a negative number passed to the memcpy function via a crafted lldp packet.
CVE-2021-25845 1 Moxa 32 Vport 06ec-2v26m, Vport 06ec-2v26m Firmware, Vport 06ec-2v36m-ct and 29 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
Improper validation of the ChassisID TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows attackers to cause a denial of service due to a NULL pointer dereference via a crafted lldp packet.
CVE-2020-8858 1 Moxa 4 Mgate 5105-mb-eip, Mgate 5105-mb-eip-t, Mgate 5105-mb-eip-t Firmware and 1 more 2024-11-21 9.0 HIGH 8.8 HIGH
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Moxa MGate 5105-MB-EIP firmware version 4.1. Authentication is required to exploit this vulnerability. The specific flaw exists within the DestIP parameter within MainPing.asp. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9552.
CVE-2020-7007 1 Moxa 4 Eds-510e, Eds-510e Firmware, Eds-g516e and 1 more 2024-11-21 10.0 HIGH 9.8 CRITICAL
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the attacker may execute arbitrary codes or target the device, causing it to go out of service.
CVE-2020-7003 1 Moxa 40 Iologik 2512, Iologik 2512-hspa, Iologik 2512-hspa-t and 37 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, sensitive information is transmitted over some web applications in clear text.
CVE-2020-7001 1 Moxa 4 Eds-510e, Eds-510e Firmware, Eds-g516e and 1 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected products use a weak cryptographic algorithm, which may allow confidential information to be disclosed.
CVE-2020-6999 1 Moxa 2 Mds-g516e, Mds-g516e Firmware 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, some of the parameters in the setting pages do not ensure text is the correct size for its buffer.
CVE-2020-6997 1 Moxa 4 Eds-510e, Eds-510e Firmware, Eds-g516e and 1 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, sensitive information is transmitted over some web applications in cleartext.
CVE-2020-6995 1 Moxa 110 Pt-7528-12msc-12tx-4gsfp-hv, Pt-7528-12msc-12tx-4gsfp-hv-hv, Pt-7528-12msc-12tx-4gsfp-hv-hv Firmware and 107 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the application utilizes weak password requirements, which may allow an attacker to gain unauthorized access.
CVE-2020-6993 1 Moxa 110 Pt-7528-12msc-12tx-4gsfp-hv, Pt-7528-12msc-12tx-4gsfp-hv-hv, Pt-7528-12msc-12tx-4gsfp-hv-hv Firmware and 107 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, an attacker can gain access to sensitive information from the web service without authorization.
CVE-2020-6991 1 Moxa 4 Eds-510e, Eds-510e Firmware, Eds-g516e and 1 more 2024-11-21 5.0 MEDIUM 9.8 CRITICAL
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, weak password requirements may allow an attacker to gain access using brute force.