Filtered by vendor Moxa
Subscribe
Total
285 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-10700 | 1 Moxa | 2 Awk-3121, Awk-3121 Firmware | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered on Moxa AWK-3121 1.19 devices. It provides functionality so that an administrator can change the name of the device. However, the same functionality allows an attacker to execute XSS by injecting an XSS payload. The POST parameter "iw_board_deviceName" is susceptible to this injection. | |||||
| CVE-2015-6458 | 1 Moxa | 1 Softcms | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| Moxa SoftCMS 1.3 and prior is susceptible to a buffer overflow condition that may crash or allow remote code execution. Moxa released SoftCMS version 1.4 on June 1, 2015, to address the vulnerability. | |||||
| CVE-2019-6526 | 1 Moxa | 8 Eds-405a, Eds-405a Firmware, Eds-408a and 5 more | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
| Moxa IKS-G6824A series Versions 4.5 and prior, EDS-405A series Version 3.8 and prior, EDS-408A series Version 3.8 and prior, and EDS-510A series Version 3.8 and prior use plaintext transmission of sensitive data, which may allow an attacker to capture sensitive data such as an administrative password. | |||||
| CVE-2018-10692 | 1 Moxa | 2 Awk-3121, Awk-3121 Firmware | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered on Moxa AWK-3121 1.14 devices. The session cookie "Password508" does not have an HttpOnly flag. This allows an attacker who is able to execute a cross-site scripting attack to steal the cookie very easily. | |||||
| CVE-2018-10701 | 1 Moxa | 2 Awk-3121, Awk-3121 Firmware | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered on Moxa AWK-3121 1.14 devices. It provides functionality so that an administrator can run scripts on the device to troubleshoot any issues. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "iw_filename" is susceptible to buffer overflow. By crafting a packet that contains a string of 162 characters, it is possible for an attacker to execute the attack. | |||||
| CVE-2018-11421 | 1 Moxa | 4 Oncell G3150-hspa, Oncell G3150-hspa-t, Oncell G3150-hspa-t Firmware and 1 more | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
| Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use a proprietary monitoring protocol that does not provide confidentiality, integrity, and authenticity security controls. All information is sent in plain text, and can be intercepted and modified. The protocol is vulnerable to remote unauthenticated disclosure of sensitive information, including the administrator's password. Under certain conditions, it's also possible to retrieve additional information, such as content of HTTP requests to the device, or the previously used password, due to memory leakages. | |||||
| CVE-2019-6561 | 1 Moxa | 8 Eds-405a, Eds-405a Firmware, Eds-408a and 5 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery has been identified in Moxa IKS and EDS, which may allow for the execution of unauthorized actions on the device. | |||||
| CVE-2019-6518 | 1 Moxa | 8 Eds-405a, Eds-405a Firmware, Eds-408a and 5 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Moxa IKS and EDS store plaintext passwords, which may allow sensitive information to be read by someone with access to the device. | |||||
| CVE-2018-18396 | 1 Moxa | 1 Thingspro | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Remote Code Execution in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. | |||||
| CVE-2018-18393 | 1 Moxa | 1 Thingspro | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
| Password Management Issue in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. | |||||
| CVE-2018-16282 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
| A command injection vulnerability in the web server functionality of Moxa EDR-810 V4.2 build 18041013 allows remote attackers to execute arbitrary OS commands with root privilege via the caname parameter to the /xml/net_WebCADELETEGetValue URI. | |||||
| CVE-2018-19660 | 1 Moxa | 2 Nport W2x50a, Nport W2x50a Firmware | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
| An exploitable authenticated command-injection vulnerability exists in the web server functionality of Moxa NPort W2x50A products with firmware before 2.2 Build_18082311. A specially crafted HTTP POST request to /goform/webSettingProfileSecurity can result in running OS commands as the root user. | |||||
| CVE-2018-18390 | 1 Moxa | 1 Thingspro | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| User Enumeration in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. | |||||
| CVE-2018-18391 | 1 Moxa | 1 Thingspro | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| User Privilege Escalation in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. | |||||
| CVE-2018-10632 | 1 Moxa | 6 Nport 5210, Nport 5210 Firmware, Nport 5230 and 3 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| In Moxa NPort 5210, 5230, and 5232 versions 2.9 build 17030709 and prior, the amount of resources requested by a malicious actor are not restricted, allowing for a denial-of-service condition. | |||||
| CVE-2018-19659 | 1 Moxa | 2 Nport W2x50a, Nport W2x50a Firmware | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
| An exploitable authenticated command-injection vulnerability exists in the web server functionality of Moxa NPort W2x50A products with firmware before 2.2 Build_18082311. A specially crafted HTTP POST request to /goform/net_WebPingGetValue can result in running OS commands as the root user. This is similar to CVE-2017-12120. | |||||
| CVE-2018-18395 | 1 Moxa | 1 Thingspro | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| Hidden Token Access in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. | |||||
| CVE-2018-18394 | 1 Moxa | 1 Thingspro | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
| Sensitive Information Stored in Clear Text in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. | |||||
| CVE-2018-18392 | 1 Moxa | 1 Thingspro | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| Privilege Escalation via Broken Access Control in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. | |||||
| CVE-2017-12121 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
| An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the rsakey\_name= parm in the "/goform/WebRSAKEYGen" uri to trigger this vulnerability. | |||||