Vulnerabilities (CVE)

Filtered by vendor Moxa Subscribe
Total 285 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-7001 1 Moxa 4 Eds-510e, Eds-510e Firmware, Eds-g516e and 1 more 2024-02-28 5.0 MEDIUM 7.5 HIGH
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected products use a weak cryptographic algorithm, which may allow confidential information to be disclosed.
CVE-2020-6991 1 Moxa 4 Eds-510e, Eds-510e Firmware, Eds-g516e and 1 more 2024-02-28 5.0 MEDIUM 9.8 CRITICAL
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, weak password requirements may allow an attacker to gain access using brute force.
CVE-2020-6993 1 Moxa 110 Pt-7528-12msc-12tx-4gsfp-hv, Pt-7528-12msc-12tx-4gsfp-hv-hv, Pt-7528-12msc-12tx-4gsfp-hv-hv Firmware and 107 more 2024-02-28 5.0 MEDIUM 7.5 HIGH
In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, an attacker can gain access to sensitive information from the web service without authorization.
CVE-2020-6985 1 Moxa 110 Pt-7528-12msc-12tx-4gsfp-hv, Pt-7528-12msc-12tx-4gsfp-hv-hv, Pt-7528-12msc-12tx-4gsfp-hv-hv Firmware and 107 more 2024-02-28 10.0 HIGH 9.8 CRITICAL
In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, these devices use a hard-coded service code for access to the console.
CVE-2020-14511 1 Moxa 8 Edr-g902, Edr-g902-t, Edr-g902-t Firmware and 5 more 2024-02-28 7.5 HIGH 9.8 CRITICAL
Malicious operation of the crafted web browser cookie may cause a stack-based buffer overflow in the system web server on the EDR-G902 and EDR-G903 Series Routers (versions prior to 5.4).
CVE-2020-6987 1 Moxa 110 Pt-7528-12msc-12tx-4gsfp-hv, Pt-7528-12msc-12tx-4gsfp-hv-hv, Pt-7528-12msc-12tx-4gsfp-hv-hv Firmware and 107 more 2024-02-28 5.0 MEDIUM 7.5 HIGH
In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the affected products use a weak cryptographic algorithm, which may allow confidential information to be disclosed.
CVE-2020-6995 1 Moxa 110 Pt-7528-12msc-12tx-4gsfp-hv, Pt-7528-12msc-12tx-4gsfp-hv-hv, Pt-7528-12msc-12tx-4gsfp-hv-hv Firmware and 107 more 2024-02-28 7.5 HIGH 9.8 CRITICAL
In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the application utilizes weak password requirements, which may allow an attacker to gain unauthorized access.
CVE-2019-5165 1 Moxa 2 Awk-3131a, Awk-3131a Firmware 2024-02-28 6.5 MEDIUM 7.2 HIGH
An exploitable authentication bypass vulnerability exists in the hostname processing of the Moxa AWK-3131A firmware version 1.13. A specially configured device hostname can cause the device to interpret select remote traffic as local traffic, resulting in a bypass of web authentication. An attacker can send authenticated SNMP requests to trigger this vulnerability.
CVE-2019-9096 1 Moxa 12 Mb3170, Mb3170 Firmware, Mb3180 and 9 more 2024-02-28 5.0 MEDIUM 9.8 CRITICAL
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. Insufficient password requirements for the MGate web application may allow an attacker to gain access by brute-forcing account passwords.
CVE-2019-5136 1 Moxa 2 Awk-3131a, Awk-3131a Firmware 2024-02-28 9.0 HIGH 8.8 HIGH
An exploitable privilege escalation vulnerability exists in the iw_console functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted menu selection string can cause an escape from the restricted console, resulting in system access as the root user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.
CVE-2019-9104 1 Moxa 12 Mb3170, Mb3170 Firmware, Mb3180 and 9 more 2024-02-28 5.0 MEDIUM 7.5 HIGH
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. The application's configuration file contains parameters that represent passwords in cleartext.
CVE-2019-9101 1 Moxa 12 Mb3170, Mb3170 Firmware, Mb3180 and 9 more 2024-02-28 5.0 MEDIUM 7.5 HIGH
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. Sensitive information is sent to the web server in cleartext, which may allow an attacker to discover the credentials if they are able to observe traffic between the web browser and the server.
CVE-2019-5140 1 Moxa 2 Awk-3131a, Awk-3131a Firmware 2024-02-28 6.5 MEDIUM 8.8 HIGH
An exploitable command injection vulnerability exists in the iwwebs functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file name can cause user input to be reflected in a subsequent iwsystem call, resulting in remote control over the device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.
CVE-2019-10963 1 Moxa 2 Edr-810, Edr-810 Firmware 2024-02-28 4.3 MEDIUM 4.3 MEDIUM
Moxa EDR 810, all versions 5.1 and prior, allows an unauthenticated attacker to be able to retrieve some log files from the device, which may allow sensitive information disclosure. Log files must have previously been exported by a legitimate user.
CVE-2019-9099 1 Moxa 12 Mb3170, Mb3170 Firmware, Mb3180 and 9 more 2024-02-28 7.5 HIGH 9.8 CRITICAL
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. A Buffer overflow in the built-in web server allows remote attackers to initiate DoS, and probably to execute arbitrary code (issue 1 of 2).
CVE-2019-5162 1 Moxa 2 Awk-3131a, Awk-3131a Firmware 2024-02-28 9.0 HIGH 8.8 HIGH
An exploitable improper access control vulnerability exists in the iw_webs account settings functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the device as that user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.
CVE-2020-8858 1 Moxa 4 Mgate 5105-mb-eip, Mgate 5105-mb-eip-t, Mgate 5105-mb-eip-t Firmware and 1 more 2024-02-28 9.0 HIGH 8.8 HIGH
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Moxa MGate 5105-MB-EIP firmware version 4.1. Authentication is required to exploit this vulnerability. The specific flaw exists within the DestIP parameter within MainPing.asp. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9552.
CVE-2019-5139 1 Moxa 2 Awk-3131a, Awk-3131a Firmware 2024-02-28 3.6 LOW 7.1 HIGH
An exploitable use of hard-coded credentials vulnerability exists in multiple iw_* utilities of the Moxa AWK-3131A firmware version 1.13. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts.
CVE-2019-5141 1 Moxa 2 Awk-3131a, Awk-3131a Firmware 2024-02-28 6.5 MEDIUM 8.8 HIGH
An exploitable command injection vulnerability exists in the iw_webs functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted iw_serverip parameter can cause user input to be reflected in a subsequent iw_system call, resulting in remote control over the device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.
CVE-2019-5138 1 Moxa 2 Awk-3131a, Awk-3131a Firmware 2024-02-28 9.0 HIGH 9.9 CRITICAL
An exploitable command injection vulnerability exists in encrypted diagnostic script functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file can cause arbitrary busybox commands to be executed, resulting in remote control over the device. An attacker can send diagnostic while authenticated as a low privilege user to trigger this vulnerability.