Vulnerabilities (CVE)

Filtered by vendor Moxa Subscribe
Total 285 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-5453 1 Moxa 8 Oncell G3110-hspa, Oncell G3110-hspa-t, Oncell G3110-hspa-t Firmware and 5 more 2024-11-21 7.8 HIGH 7.5 HIGH
An Improper Handling of Length Parameter Inconsistency issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. An attacker may be able to edit the element of an HTTP request, causing the device to become unavailable.
CVE-2018-5449 1 Moxa 8 Oncell G3110-hspa, Oncell G3110-hspa-t, Oncell G3110-hspa-t Firmware and 5 more 2024-11-21 3.3 LOW 6.5 MEDIUM
A NULL Pointer Dereference issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. The application does not check for a NULL value, allowing for an attacker to perform a denial of service attack.
CVE-2018-19660 1 Moxa 2 Nport W2x50a, Nport W2x50a Firmware 2024-11-21 9.0 HIGH 8.8 HIGH
An exploitable authenticated command-injection vulnerability exists in the web server functionality of Moxa NPort W2x50A products with firmware before 2.2 Build_18082311. A specially crafted HTTP POST request to /goform/webSettingProfileSecurity can result in running OS commands as the root user.
CVE-2018-19659 1 Moxa 2 Nport W2x50a, Nport W2x50a Firmware 2024-11-21 9.0 HIGH 8.8 HIGH
An exploitable authenticated command-injection vulnerability exists in the web server functionality of Moxa NPort W2x50A products with firmware before 2.2 Build_18082311. A specially crafted HTTP POST request to /goform/net_WebPingGetValue can result in running OS commands as the root user. This is similar to CVE-2017-12120.
CVE-2018-18396 1 Moxa 1 Thingspro 2024-11-21 7.5 HIGH 9.8 CRITICAL
Remote Code Execution in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.
CVE-2018-18395 1 Moxa 1 Thingspro 2024-11-21 10.0 HIGH 9.8 CRITICAL
Hidden Token Access in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.
CVE-2018-18394 1 Moxa 1 Thingspro 2024-11-21 5.0 MEDIUM 9.8 CRITICAL
Sensitive Information Stored in Clear Text in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.
CVE-2018-18393 1 Moxa 1 Thingspro 2024-11-21 5.0 MEDIUM 9.8 CRITICAL
Password Management Issue in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.
CVE-2018-18392 1 Moxa 1 Thingspro 2024-11-21 6.5 MEDIUM 8.8 HIGH
Privilege Escalation via Broken Access Control in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.
CVE-2018-18391 1 Moxa 1 Thingspro 2024-11-21 6.5 MEDIUM 8.8 HIGH
User Privilege Escalation in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.
CVE-2018-18390 1 Moxa 1 Thingspro 2024-11-21 5.0 MEDIUM 7.5 HIGH
User Enumeration in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.
CVE-2018-16282 1 Moxa 2 Edr-810, Edr-810 Firmware 2024-11-21 9.0 HIGH 8.8 HIGH
A command injection vulnerability in the web server functionality of Moxa EDR-810 V4.2 build 18041013 allows remote attackers to execute arbitrary OS commands with root privilege via the caname parameter to the /xml/net_WebCADELETEGetValue URI.
CVE-2018-11427 1 Moxa 4 Oncell G3150-hspa, Oncell G3150-hspa-t, Oncell G3150-hspa-t Firmware and 1 more 2024-11-21 6.8 MEDIUM 8.8 HIGH
CSRF tokens are not used in the web application of Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior, which makes it possible to perform CSRF attacks on the device administrator.
CVE-2018-11426 1 Moxa 4 Oncell G3150-hspa, Oncell G3150-hspa-t, Oncell G3150-hspa-t Firmware and 1 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
A weak Cookie parameter is used in the web application of Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. An attacker can brute force parameters required to bypass authentication and access the web interface to use all its functions except for password change.
CVE-2018-11425 1 Moxa 8 Oncell G3470a-lte-eu, Oncell G3470a-lte-eu-t, Oncell G3470a-lte-eu-t Firmware and 5 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
Memory corruption issue was discovered in Moxa OnCell G3470A-LTE Series version 1.6 Build 18021314 and prior, a different vulnerability than CVE-2018-11424.
CVE-2018-11424 1 Moxa 8 Oncell G3470a-lte-eu, Oncell G3470a-lte-eu-t, Oncell G3470a-lte-eu-t Firmware and 5 more 2024-11-21 7.8 HIGH 7.5 HIGH
There is Memory corruption in the web interface of Moxa OnCell G3470A-LTE Series version 1.6 Build 18021314 and prior, a different vulnerability than CVE-2018-11425.
CVE-2018-11423 1 Moxa 4 Oncell G3150-hspa, Oncell G3150-hspa-t, Oncell G3150-hspa-t Firmware and 1 more 2024-11-21 7.8 HIGH 7.5 HIGH
There is Memory corruption in the web interface Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior, different vulnerability than CVE-2018-11420.
CVE-2018-11422 1 Moxa 4 Oncell G3150-hspa, Oncell G3150-hspa-t, Oncell G3150-hspa-t Firmware and 1 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use a proprietary configuration protocol that does not provide confidentiality, integrity, and authenticity security controls. All information is sent in plain text, and can be intercepted and modified. Any commands (including device reboot, configuration download or upload, or firmware upgrade) are accepted and executed by the device without authentication.
CVE-2018-11421 1 Moxa 4 Oncell G3150-hspa, Oncell G3150-hspa-t, Oncell G3150-hspa-t Firmware and 1 more 2024-11-21 5.0 MEDIUM 9.8 CRITICAL
Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use a proprietary monitoring protocol that does not provide confidentiality, integrity, and authenticity security controls. All information is sent in plain text, and can be intercepted and modified. The protocol is vulnerable to remote unauthenticated disclosure of sensitive information, including the administrator's password. Under certain conditions, it's also possible to retrieve additional information, such as content of HTTP requests to the device, or the previously used password, due to memory leakages.
CVE-2018-11420 1 Moxa 4 Oncell G3150-hspa, Oncell G3150-hspa-t, Oncell G3150-hspa-t Firmware and 1 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
There is Memory corruption in the web interface of Moxa OnCell G3100-HSPA Series version 1.5 Build 17042015 and prio,r a different vulnerability than CVE-2018-11423.