Filtered by vendor Moxa
Total: 276 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-18390 | 1 Moxa | 1 Thingspro | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
User Enumeration in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. | |||||
CVE-2018-18392 | 1 Moxa | 1 Thingspro | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
Privilege Escalation via Broken Access Control in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. | |||||
CVE-2018-18394 | 1 Moxa | 1 Thingspro | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
Sensitive Information Stored in Clear Text in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. | |||||
CVE-2018-18395 | 1 Moxa | 1 Thingspro | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Hidden Token Access in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. | |||||
CVE-2018-10632 | 1 Moxa | 6 Nport 5210, Nport 5210 Firmware, Nport 5230 and 3 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
In Moxa NPort 5210, 5230, and 5232 versions 2.9 build 17030709 and prior, the amount of resources requested by a malicious actor is not restricted, allowing for a denial-of-service condition. | |||||
CVE-2018-19659 | 1 Moxa | 2 Nport W2x50a, Nport W2x50a Firmware | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
An exploitable authenticated command-injection vulnerability exists in the web server functionality of Moxa NPort W2x50A products with firmware before 2.2 Build_18082311. A specially crafted HTTP POST request to /goform/net_WebPingGetValue can result in running OS commands as the root user. This is similar to CVE-2017-12120. | |||||
CVE-2018-18393 | 1 Moxa | 1 Thingspro | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
Password Management Issue in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. | |||||
CVE-2018-19660 | 1 Moxa | 2 Nport W2x50a, Nport W2x50a Firmware | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
An exploitable authenticated command-injection vulnerability exists in the web server functionality of Moxa NPort W2x50A products with firmware before 2.2 Build_18082311. A specially crafted HTTP POST request to /goform/webSettingProfileSecurity can result in running OS commands as the root user. | |||||
CVE-2018-18396 | 1 Moxa | 1 Thingspro | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Remote Code Execution in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. | |||||
CVE-2018-18391 | 1 Moxa | 1 Thingspro | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
User Privilege Escalation in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. | |||||
CVE-2017-12126 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
An exploitable cross-site request forgery vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP packet can cause cross-site request forgery. An attacker can create malicious HTML to trigger this vulnerability. | |||||
CVE-2017-12125 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the CN= parameter in the "/goform/net_WebCSRGen" URI to trigger this vulnerability. | |||||
CVE-2017-12128 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An exploitable information disclosure vulnerability exists in the Server Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted TCP packet can cause information disclosure. An attacker can send a crafted TCP packet to trigger this vulnerability. | |||||
CVE-2017-14432 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the openvpnServer0_tmp= parameter in the "/goform/net_Web_get_value" URI to trigger this vulnerability. | |||||
CVE-2018-5455 | 1 Moxa | 8 Oncell G3110-hspa, Oncell G3110-hspa-t, Oncell G3110-hspa-t Firmware and 5 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A Reliance on Cookies without Validation and Integrity Checking issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. The application allows a cookie parameter to consist of only digits, allowing an attacker to perform a brute force attack bypassing authentication and gaining access to device functions. | |||||
CVE-2017-12129 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2023-12-10 | 2.9 LOW | 8.0 HIGH |
An exploitable Weak Cryptography for Passwords vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. An attacker could intercept weakly encrypted passwords and could brute force them. | |||||
CVE-2017-14436 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request to "/MOXA_CFG2.ini" without a cookie header to trigger this vulnerability. | |||||
CVE-2018-5449 | 1 Moxa | 8 Oncell G3110-hspa, Oncell G3110-hspa-t, Oncell G3110-hspa-t Firmware and 5 more | 2023-12-10 | 3.3 LOW | 6.5 MEDIUM |
A NULL Pointer Dereference issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. The application does not check for a NULL value, allowing for an attacker to perform a denial of service attack. | |||||
CVE-2016-8717 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
An exploitable Use of Hard-coded Credentials vulnerability exists in the Moxa AWK-3131A Wireless Access Point running firmware 1.1. The device operating system contains an undocumented, privileged (root) account with hard-coded credentials, giving attackers full control of affected devices. | |||||
CVE-2017-14439 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Exploitable denial of service vulnerabilities exist in the Service Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted packet can cause a denial of service. An attacker can send a large packet to 4001/tcp to trigger this vulnerability. |