Filtered by vendor Moxa
Subscribe
Total
285 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-9095 | 1 Moxa | 12 Mb3170, Mb3170 Firmware, Mb3180 and 9 more | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. An attacker may be able to intercept weakly encrypted passwords and gain administrative access. | |||||
CVE-2019-5142 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
An exploitable command injection vulnerability exists in the hostname functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted entry to network configuration information can cause execution of arbitrary system commands, resulting in full control of the device. An attacker can send various authenticated requests to trigger this vulnerability. | |||||
CVE-2019-9102 | 1 Moxa | 12 Mb3170, Mb3170 Firmware, Mb3180 and 9 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. A predictable mechanism of generating tokens allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism. | |||||
CVE-2019-19707 | 1 Moxa | 6 Eds-g508e, Eds-g508e Firmware, Eds-g512e and 3 more | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
On Moxa EDS-G508E, EDS-G512E, and EDS-G516E devices (with firmware through 6.0), denial of service can occur via PROFINET DCE-RPC endpoint discovery packets. | |||||
CVE-2019-5137 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The usage of hard-coded cryptographic keys within the ServiceAgent binary allows for the decryption of captured traffic across the network from or to the Moxa AWK-3131A firmware version 1.13. | |||||
CVE-2019-9103 | 1 Moxa | 12 Mb3170, Mb3170 Firmware, Mb3180 and 9 more | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. An attacker can access sensitive information (e.g., conduct username disclosure attacks) on the built-in WEB-service without authorization. | |||||
CVE-2019-9098 | 1 Moxa | 12 Mb3170, Mb3170 Firmware, Mb3180 and 9 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. An Integer overflow in the built-in web server allows remote attackers to initiate DoS. | |||||
CVE-2019-5148 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An exploitable denial-of-service vulnerability exists in ServiceAgent functionality of the Moxa AWK-3131A, firmware version 1.13. A specially crafted packet can cause an integer underflow, triggering a large memcpy that will access unmapped or out-of-bounds memory. An attacker can send this packet while unauthenticated to trigger this vulnerability. | |||||
CVE-2019-9097 | 1 Moxa | 12 Mb3170, Mb3170 Firmware, Mb3180 and 9 more | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. A high rate of transit traffic may cause a low-memory condition and a denial of service. | |||||
CVE-2019-5143 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
An exploitable format string vulnerability exists in the iw_console conio_writestr functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted time server entry can cause an overflow of the time server buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. | |||||
CVE-2019-18238 | 1 Moxa | 40 Iologik 2512, Iologik 2512-hspa, Iologik 2512-hspa-t and 37 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, sensitive information is stored in configuration files without encryption, which may allow an attacker to access an administrative account. | |||||
CVE-2019-10969 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2024-02-28 | 6.5 MEDIUM | 7.2 HIGH |
Moxa EDR 810, all versions 5.1 and prior, allows an authenticated attacker to abuse the ping feature to execute unauthorized commands on the router, which may allow an attacker to perform remote code execution. | |||||
CVE-2019-5153 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
An exploitable remote code execution vulnerability exists in the iw_webs configuration parsing functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause an overflow of an error message buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. | |||||
CVE-2018-10695 | 1 Moxa | 2 Awk-3121, Awk-3121 Firmware | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered on Moxa AWK-3121 1.14 devices. It provides alert functionality so that an administrator can send emails to his/her account when there are changes to the device's network. However, the same functionality allows an attacker to execute commands on the device. The POST parameters "to1,to2,to3,to4" are all susceptible to buffer overflow. By crafting a packet that contains a string of 678 characters, it is possible for an attacker to execute the attack. | |||||
CVE-2018-10702 | 1 Moxa | 2 Awk-3121, Awk-3121 Firmware | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered on Moxa AWK-3121 1.14 devices. It provides functionality so that an administrator can run scripts on the device to troubleshoot any issues. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "iw_filename" is susceptible to command injection via shell metacharacters. | |||||
CVE-2018-10696 | 1 Moxa | 2 Awk-3121, Awk-3121 Firmware | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered on Moxa AWK-3121 1.14 devices. The device provides a web interface to allow an administrator to manage the device. However, this interface is not protected against CSRF attacks, which allows an attacker to trick an administrator into executing actions without his/her knowledge, as demonstrated by the forms/iw_webSetParameters and forms/webSetMainRestart URIs. | |||||
CVE-2018-10693 | 1 Moxa | 2 Awk-3121, Awk-3121 Firmware | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered on Moxa AWK-3121 1.14 devices. It provides ping functionality so that an administrator can execute ICMP calls to check if the network is working correctly. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "srvName" is susceptible to a buffer overflow. By crafting a packet that contains a string of 516 characters, it is possible for an attacker to execute the attack. | |||||
CVE-2019-6520 | 1 Moxa | 8 Eds-405a, Eds-405a Firmware, Eds-408a and 5 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Moxa IKS and EDS does not properly check authority on server side, which results in a read-only user being able to perform arbitrary configuration changes. | |||||
CVE-2018-10691 | 1 Moxa | 2 Awk-3121, Awk-3121 Firmware | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered on Moxa AWK-3121 1.14 devices. It is intended that an administrator can download /systemlog.log (the system log). However, the same functionality allows an attacker to download the file without any authentication or authorization. | |||||
CVE-2016-5819 | 1 Moxa | 10 Oncell G3100v2, Oncell G3100v2 Firmware, Oncell G3111 and 7 more | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
Moxa G3100V2 Series, editions prior to Version 2.8, and OnCell G3111/G3151/G3211/G3251 Series, editions prior to Version 1.7 allows a reflected cross-site scripting attack which may allow an attacker to execute arbitrary script code in the user’s browser within the trust relationship between their browser and the server. |