Filtered by vendor Moxa
Subscribe
Total
276 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-2043 | 1 Moxa | 2 Nport 5110, Nport 5110 Firmware | 2023-12-10 | N/A | 7.5 HIGH |
MOXA NPort 5110: Firmware Versions 2.10 is vulnerable to an out-of-bounds write that can cause the device to become unresponsive. | |||||
CVE-2022-2044 | 1 Moxa | 2 Nport 5110, Nport 5110 Firmware | 2023-12-10 | N/A | 8.2 HIGH |
MOXA NPort 5110: Firmware Versions 2.10 is vulnerable to an out-of-bounds write that may allow an attacker to overwrite values in memory, causing a denial-of-service condition or potentially bricking the device. | |||||
CVE-2022-27048 | 1 Moxa | 40 Mgate Mb3170, Mgate Mb3170-m-sc, Mgate Mb3170-m-sc-t and 37 more | 2023-12-10 | 5.8 MEDIUM | 7.4 HIGH |
A vulnerability has been discovered in Moxa MGate which allows an attacker to perform a man-in-the-middle (MITM) attack on the device. This affects MGate MB3170 Series Firmware Version 4.2 or lower. and MGate MB3270 Series Firmware Version 4.2 or lower. and MGate MB3280 Series Firmware Version 4.1 or lower. and MGate MB3480 Series Firmware Version 3.2 or lower. | |||||
CVE-2021-32974 | 1 Moxa | 8 Nport Iaw5150a-12i\/o, Nport Iaw5150a-12i\/o Firmware, Nport Iaw5150a-6i\/o and 5 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Improper input validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier may allow a remote attacker to execute commands. | |||||
CVE-2021-40390 | 1 Moxa | 1 Mxview | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An authentication bypass vulnerability exists in the Web Application functionality of Moxa MXView Series 3.2.4. A specially-crafted HTTP request can lead to unauthorized access. An attacker can send an HTTP request to trigger this vulnerability. | |||||
CVE-2021-40392 | 1 Moxa | 1 Mxview | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An information disclosure vulnerability exists in the Web Application functionality of Moxa MXView Series 3.2.4. Network sniffing can lead to a disclosure of sensitive information. An attacker can sniff network traffic to exploit this vulnerability. | |||||
CVE-2021-46082 | 1 Moxa | 12 Mgate 5101-pbm-mn, Mgate 5101-pbm-mn-t, Mgate 5101-pbm-mn-t Firmware and 9 more | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
Moxa TN-5900 v3.1 series routers, MGate 5109 v2.2 series protocol gateways, and MGate 5101-PBM-MN v2.1 series protocol gateways were discovered to contain a memory leak which allows attackers to cause a Denial of Service (DoS) via crafted packets. | |||||
CVE-2021-32968 | 1 Moxa | 8 Nport Iaw5150a-12i\/o, Nport Iaw5150a-12i\/o Firmware, Nport Iaw5150a-6i\/o and 5 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Two buffer overflows in the built-in web server in Moxa NPort IAW5000A-I/O Series firmware version 2.2 or earlier may allow a remote attacker to cause a denial-of-service condition. | |||||
CVE-2021-32976 | 1 Moxa | 8 Nport Iaw5150a-12i\/o, Nport Iaw5150a-12i\/o Firmware, Nport Iaw5150a-6i\/o and 5 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Five buffer overflows in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier may allow a remote attacker to initiate a denial-of-service attack and execute arbitrary code. | |||||
CVE-2021-32970 | 1 Moxa | 8 Nport Iaw5150a-12i\/o, Nport Iaw5150a-12i\/o Firmware, Nport Iaw5150a-6i\/o and 5 more | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
Data can be copied without validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier, which may allow a remote attacker to cause denial-of-service conditions. | |||||
CVE-2021-38460 | 1 Moxa | 1 Mxview | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries. | |||||
CVE-2021-38458 | 1 Moxa | 1 Mxview | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries. | |||||
CVE-2021-38452 | 1 Moxa | 1 Mxview | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries. | |||||
CVE-2021-46560 | 1 Moxa | 2 Tn-5900, Tn-5900 Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The firmware on Moxa TN-5900 devices through 3.1 allows command injection that could lead to device damage. | |||||
CVE-2021-46559 | 1 Moxa | 2 Tn-5900, Tn-5900 Firmware | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The firmware on Moxa TN-5900 devices through 3.1 has a weak algorithm that allows an attacker to defeat an inspection mechanism for integrity protection. | |||||
CVE-2021-4161 | 1 Moxa | 6 Mgate Mb3180, Mgate Mb3180 Firmware, Mgate Mb3280 and 3 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The affected products contain vulnerable firmware, which could allow an attacker to sniff the traffic and decrypt login credential details. This could give an attacker admin rights through the HTTP web server. | |||||
CVE-2021-38456 | 1 Moxa | 1 Mxview | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A use of hard-coded password vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to gain access through accounts using default passwords | |||||
CVE-2021-38454 | 1 Moxa | 1 Mxview | 2023-12-10 | 7.5 HIGH | 10.0 CRITICAL |
A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries. | |||||
CVE-2021-33824 | 1 Moxa | 2 Mgate Mb3180, Mgate Mb3180 Firmware | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012. Attackers can use slowhttptest tool to send incomplete HTTP request, which could make server keep waiting for the packet to finish the connection, until its resource exhausted. Then the web server is denial-of-service. | |||||
CVE-2020-27184 | 1 Moxa | 6 Nport Ia5150a, Nport Ia5150a Firmware, Nport Ia5250a and 3 more | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The NPort IA5000A Series devices use Telnet as one of the network device management services. Telnet does not support the encryption of client-server communications, making it vulnerable to Man-in-the-Middle attacks. |