Vulnerabilities (CVE)

Filtered by vendor Moxa Subscribe
Total 276 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-2043 1 Moxa 2 Nport 5110, Nport 5110 Firmware 2023-12-10 N/A 7.5 HIGH
MOXA NPort 5110: Firmware Versions 2.10 is vulnerable to an out-of-bounds write that can cause the device to become unresponsive.
CVE-2022-2044 1 Moxa 2 Nport 5110, Nport 5110 Firmware 2023-12-10 N/A 8.2 HIGH
MOXA NPort 5110: Firmware Versions 2.10 is vulnerable to an out-of-bounds write that may allow an attacker to overwrite values in memory, causing a denial-of-service condition or potentially bricking the device.
CVE-2022-27048 1 Moxa 40 Mgate Mb3170, Mgate Mb3170-m-sc, Mgate Mb3170-m-sc-t and 37 more 2023-12-10 5.8 MEDIUM 7.4 HIGH
A vulnerability has been discovered in Moxa MGate which allows an attacker to perform a man-in-the-middle (MITM) attack on the device. This affects MGate MB3170 Series Firmware Version 4.2 or lower. and MGate MB3270 Series Firmware Version 4.2 or lower. and MGate MB3280 Series Firmware Version 4.1 or lower. and MGate MB3480 Series Firmware Version 3.2 or lower.
CVE-2021-32974 1 Moxa 8 Nport Iaw5150a-12i\/o, Nport Iaw5150a-12i\/o Firmware, Nport Iaw5150a-6i\/o and 5 more 2023-12-10 10.0 HIGH 9.8 CRITICAL
Improper input validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier may allow a remote attacker to execute commands.
CVE-2021-40390 1 Moxa 1 Mxview 2023-12-10 7.5 HIGH 9.8 CRITICAL
An authentication bypass vulnerability exists in the Web Application functionality of Moxa MXView Series 3.2.4. A specially-crafted HTTP request can lead to unauthorized access. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2021-40392 1 Moxa 1 Mxview 2023-12-10 5.0 MEDIUM 7.5 HIGH
An information disclosure vulnerability exists in the Web Application functionality of Moxa MXView Series 3.2.4. Network sniffing can lead to a disclosure of sensitive information. An attacker can sniff network traffic to exploit this vulnerability.
CVE-2021-46082 1 Moxa 12 Mgate 5101-pbm-mn, Mgate 5101-pbm-mn-t, Mgate 5101-pbm-mn-t Firmware and 9 more 2023-12-10 7.8 HIGH 7.5 HIGH
Moxa TN-5900 v3.1 series routers, MGate 5109 v2.2 series protocol gateways, and MGate 5101-PBM-MN v2.1 series protocol gateways were discovered to contain a memory leak which allows attackers to cause a Denial of Service (DoS) via crafted packets.
CVE-2021-32968 1 Moxa 8 Nport Iaw5150a-12i\/o, Nport Iaw5150a-12i\/o Firmware, Nport Iaw5150a-6i\/o and 5 more 2023-12-10 5.0 MEDIUM 7.5 HIGH
Two buffer overflows in the built-in web server in Moxa NPort IAW5000A-I/O Series firmware version 2.2 or earlier may allow a remote attacker to cause a denial-of-service condition.
CVE-2021-32976 1 Moxa 8 Nport Iaw5150a-12i\/o, Nport Iaw5150a-12i\/o Firmware, Nport Iaw5150a-6i\/o and 5 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
Five buffer overflows in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier may allow a remote attacker to initiate a denial-of-service attack and execute arbitrary code.
CVE-2021-32970 1 Moxa 8 Nport Iaw5150a-12i\/o, Nport Iaw5150a-12i\/o Firmware, Nport Iaw5150a-6i\/o and 5 more 2023-12-10 7.8 HIGH 7.5 HIGH
Data can be copied without validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier, which may allow a remote attacker to cause denial-of-service conditions.
CVE-2021-38460 1 Moxa 1 Mxview 2023-12-10 5.0 MEDIUM 7.5 HIGH
A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries.
CVE-2021-38458 1 Moxa 1 Mxview 2023-12-10 7.5 HIGH 9.8 CRITICAL
A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries.
CVE-2021-38452 1 Moxa 1 Mxview 2023-12-10 6.4 MEDIUM 9.1 CRITICAL
A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries.
CVE-2021-46560 1 Moxa 2 Tn-5900, Tn-5900 Firmware 2023-12-10 7.5 HIGH 9.8 CRITICAL
The firmware on Moxa TN-5900 devices through 3.1 allows command injection that could lead to device damage.
CVE-2021-46559 1 Moxa 2 Tn-5900, Tn-5900 Firmware 2023-12-10 5.0 MEDIUM 7.5 HIGH
The firmware on Moxa TN-5900 devices through 3.1 has a weak algorithm that allows an attacker to defeat an inspection mechanism for integrity protection.
CVE-2021-4161 1 Moxa 6 Mgate Mb3180, Mgate Mb3180 Firmware, Mgate Mb3280 and 3 more 2023-12-10 5.0 MEDIUM 7.5 HIGH
The affected products contain vulnerable firmware, which could allow an attacker to sniff the traffic and decrypt login credential details. This could give an attacker admin rights through the HTTP web server.
CVE-2021-38456 1 Moxa 1 Mxview 2023-12-10 7.5 HIGH 9.8 CRITICAL
A use of hard-coded password vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to gain access through accounts using default passwords
CVE-2021-38454 1 Moxa 1 Mxview 2023-12-10 7.5 HIGH 10.0 CRITICAL
A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries.
CVE-2021-33824 1 Moxa 2 Mgate Mb3180, Mgate Mb3180 Firmware 2023-12-10 5.0 MEDIUM 7.5 HIGH
An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012. Attackers can use slowhttptest tool to send incomplete HTTP request, which could make server keep waiting for the packet to finish the connection, until its resource exhausted. Then the web server is denial-of-service.
CVE-2020-27184 1 Moxa 6 Nport Ia5150a, Nport Ia5150a Firmware, Nport Ia5250a and 3 more 2023-12-10 4.3 MEDIUM 5.9 MEDIUM
The NPort IA5000A Series devices use Telnet as one of the network device management services. Telnet does not support the encryption of client-server communications, making it vulnerable to Man-in-the-Middle attacks.