Vulnerabilities (CVE)

Filtered by vendor Moxa Subscribe
Total 285 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-6557 1 Moxa 8 Eds-405a, Eds-405a Firmware, Eds-408a and 5 more 2024-02-28 7.5 HIGH 9.8 CRITICAL
Several buffer overflow vulnerabilities have been identified in Moxa IKS and EDS, which may allow remote code execution.
CVE-2019-6565 1 Moxa 8 Eds-405a, Eds-405a Firmware, Eds-408a and 5 more 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
Moxa IKS and EDS fails to properly validate user input, giving unauthenticated and authenticated attackers the ability to perform XSS attacks, which may be used to send a malicious script.
CVE-2018-10694 1 Moxa 2 Awk-3121, Awk-3121 Firmware 2024-02-28 4.3 MEDIUM 8.1 HIGH
An issue was discovered on Moxa AWK-3121 1.14 devices. The device provides a Wi-Fi connection that is open and does not use any encryption mechanism by default. An administrator who uses the open wireless connection to set up the device can allow an attacker to sniff the traffic passing between the user's computer and the device. This can allow an attacker to steal the credentials passing over the HTTP connection as well as TELNET traffic. Also an attacker can MITM the response and infect a user's computer very easily as well.
CVE-2018-11420 1 Moxa 4 Oncell G3150-hspa, Oncell G3150-hspa-t, Oncell G3150-hspa-t Firmware and 1 more 2024-02-28 7.5 HIGH 9.8 CRITICAL
There is Memory corruption in the web interface of Moxa OnCell G3100-HSPA Series version 1.5 Build 17042015 and prio,r a different vulnerability than CVE-2018-11423.
CVE-2018-10699 1 Moxa 2 Awk-3121, Awk-3121 Firmware 2024-02-28 6.8 MEDIUM 8.8 HIGH
An issue was discovered on Moxa AWK-3121 1.14 devices. The Moxa AWK 3121 provides certfile upload functionality so that an administrator can upload a certificate file used for connecting to the wireless network. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "iw_privatePass" is susceptible to this injection. By crafting a packet that contains shell metacharacters, it is possible for an attacker to execute the attack.
CVE-2018-11425 1 Moxa 8 Oncell G3470a-lte-eu, Oncell G3470a-lte-eu-t, Oncell G3470a-lte-eu-t Firmware and 5 more 2024-02-28 7.5 HIGH 9.8 CRITICAL
Memory corruption issue was discovered in Moxa OnCell G3470A-LTE Series version 1.6 Build 18021314 and prior, a different vulnerability than CVE-2018-11424.
CVE-2019-6563 1 Moxa 8 Eds-405a, Eds-405a Firmware, Eds-408a and 5 more 2024-02-28 10.0 HIGH 9.8 CRITICAL
Moxa IKS and EDS generate a predictable cookie calculated with an MD5 hash, allowing an attacker to capture the administrator's password, which could lead to a full compromise of the device.
CVE-2018-10703 1 Moxa 2 Awk-3121, Awk-3121 Firmware 2024-02-28 6.8 MEDIUM 8.8 HIGH
An issue was discovered on Moxa AWK-3121 1.14 devices. It provides functionality so that an administrator can run scripts on the device to troubleshoot any issues. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "iw_serverip" is susceptible to buffer overflow. By crafting a packet that contains a string of 480 characters, it is possible for an attacker to execute the attack.
CVE-2018-11427 1 Moxa 4 Oncell G3150-hspa, Oncell G3150-hspa-t, Oncell G3150-hspa-t Firmware and 1 more 2024-02-28 6.8 MEDIUM 8.8 HIGH
CSRF tokens are not used in the web application of Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior, which makes it possible to perform CSRF attacks on the device administrator.
CVE-2018-10690 1 Moxa 2 Awk-3121, Awk-3121 Firmware 2024-02-28 4.3 MEDIUM 8.1 HIGH
An issue was discovered on Moxa AWK-3121 1.14 devices. The device by default allows HTTP traffic thus providing an insecure communication mechanism for a user connecting to the web server. This allows an attacker to sniff the traffic easily and allows an attacker to compromise sensitive data such as credentials.
CVE-2018-11426 1 Moxa 4 Oncell G3150-hspa, Oncell G3150-hspa-t, Oncell G3150-hspa-t Firmware and 1 more 2024-02-28 7.5 HIGH 9.8 CRITICAL
A weak Cookie parameter is used in the web application of Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. An attacker can brute force parameters required to bypass authentication and access the web interface to use all its functions except for password change.
CVE-2019-6559 1 Moxa 8 Eds-405a, Eds-405a Firmware, Eds-408a and 5 more 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
Moxa IKS and EDS allow remote authenticated users to cause a denial of service via a specially crafted packet, which may cause the switch to crash.
CVE-2015-6457 1 Moxa 1 Softcms 2024-02-28 6.8 MEDIUM 8.8 HIGH
Moxa SoftCMS 1.3 and prior is susceptible to a buffer overflow condition that may crash or allow remote code execution. Moxa released SoftCMS version 1.4 on June 1, 2015, to address the vulnerability.
CVE-2018-11423 1 Moxa 4 Oncell G3150-hspa, Oncell G3150-hspa-t, Oncell G3150-hspa-t Firmware and 1 more 2024-02-28 7.8 HIGH 7.5 HIGH
There is Memory corruption in the web interface Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior, different vulnerability than CVE-2018-11420.
CVE-2018-11422 1 Moxa 4 Oncell G3150-hspa, Oncell G3150-hspa-t, Oncell G3150-hspa-t Firmware and 1 more 2024-02-28 7.5 HIGH 9.8 CRITICAL
Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use a proprietary configuration protocol that does not provide confidentiality, integrity, and authenticity security controls. All information is sent in plain text, and can be intercepted and modified. Any commands (including device reboot, configuration download or upload, or firmware upgrade) are accepted and executed by the device without authentication.
CVE-2018-11424 1 Moxa 8 Oncell G3470a-lte-eu, Oncell G3470a-lte-eu-t, Oncell G3470a-lte-eu-t Firmware and 5 more 2024-02-28 7.8 HIGH 7.5 HIGH
There is Memory corruption in the web interface of Moxa OnCell G3470A-LTE Series version 1.6 Build 18021314 and prior, a different vulnerability than CVE-2018-11425.
CVE-2018-10697 1 Moxa 2 Awk-3121, Awk-3121 Firmware 2024-02-28 9.3 HIGH 8.8 HIGH
An issue was discovered on Moxa AWK-3121 1.14 devices. The Moxa AWK 3121 provides ping functionality so that an administrator can execute ICMP calls to check if the network is working correctly. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "srvName" is susceptible to this injection. By crafting a packet that contains shell metacharacters, it is possible for an attacker to execute the attack.
CVE-2019-6524 1 Moxa 8 Eds-405a, Eds-405a Firmware, Eds-408a and 5 more 2024-02-28 5.0 MEDIUM 9.8 CRITICAL
Moxa IKS and EDS do not implement sufficient measures to prevent multiple failed authentication attempts, which may allow an attacker to discover passwords via brute force attack.
CVE-2019-6522 1 Moxa 8 Eds-405a, Eds-405a Firmware, Eds-408a and 5 more 2024-02-28 8.5 HIGH 9.1 CRITICAL
Moxa IKS and EDS fails to properly check array bounds which may allow an attacker to read device memory on arbitrary addresses, and may allow an attacker to retrieve sensitive data or cause device reboot.
CVE-2018-10698 1 Moxa 2 Awk-3121, Awk-3121 Firmware 2024-02-28 10.0 HIGH 9.8 CRITICAL
An issue was discovered on Moxa AWK-3121 1.14 devices. The device enables an unencrypted TELNET service by default. This allows an attacker who has been able to gain an MITM position to easily sniff the traffic between the device and the user. Also an attacker can easily connect to the TELNET daemon using the default credentials if they have not been changed by the user.