Moxa Security Vulnerabilities


CVE-2022-2044

MOXA NPort 5110: Firmware Versions 2.10 is vulnerable to an out-of-bounds write that may allow an attacker to overwrite values in memory, causing a denial-of-service condition or potentially bricking the...

8.2CVSS

8.1AI Score

0.001EPSS

2022-08-31 04:15 PM

CVE-2022-2043

MOXA NPort 5110: Firmware Versions 2.10 is vulnerable to an out-of-bounds write that can cause the device to become...

7.5CVSS

7.5AI Score

0.001EPSS

2022-08-31 04:15 PM

CVE-2020-27185

Cleartext transmission of sensitive information via Moxa Service in NPort IA5000A series serial devices. Successfully exploiting the vulnerability could enable attackers to read authentication data, device configuration, and other sensitive data transmitted over Moxa...

7.5CVSS

7.3AI Score

0.002EPSS

2021-05-14 01:15 PM

CVE-2020-13537

An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code to a script or replace a binary. By default MXViewService, which starts as a NT SYSTEM authority...

7.8CVSS

7.5AI Score

0.001EPSS

2020-11-05 09:15 PM

CVE-2020-13536

An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code to a script or replace a binary. By default MXViewService, which starts as a NT SYSTEM authority...

7.8CVSS

7.5AI Score

0.001EPSS

2020-11-05 09:15 PM

CVE-2020-6999

In Moxa EDS-G516E Series firmware, Version 5.2 or lower, some of the parameters in the setting pages do not ensure text is the correct size for its...

6.5CVSS

6.5AI Score

0.001EPSS

2020-03-26 01:15 PM

CVE-2020-6997

In Moxa EDS-G516E Series firmware, Version 5.2 or lower, sensitive information is transmitted over some web applications in...

7.5CVSS

7.3AI Score

0.002EPSS

2020-03-24 09:15 PM

CVE-2020-7007

In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the attacker may execute arbitrary codes or target the device, causing it to go out of...

9.8CVSS

9.6AI Score

0.005EPSS

2020-03-24 09:15 PM

CVE-2020-6991

In Moxa EDS-G516E Series firmware, Version 5.2 or lower, weak password requirements may allow an attacker to gain access using brute...

9.8CVSS

9.6AI Score

0.002EPSS

2020-03-24 09:15 PM

CVE-2020-7001

In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected products use a weak cryptographic algorithm, which may allow confidential information to be...

7.5CVSS

7.3AI Score

0.002EPSS

2020-03-24 09:15 PM

CVE-2020-6981

In Moxa EDS-G516E Series firmware, Version 5.2 or lower, an attacker may gain access to the system without proper...

9.8CVSS

9.4AI Score

0.002EPSS

2020-03-24 09:15 PM

CVE-2020-6979

In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected products use a hard-coded cryptographic key, increasing the possibility that confidential data can be...

7.5CVSS

7.5AI Score

0.002EPSS

2020-03-24 09:15 PM

CVE-2020-6995

In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the application utilizes weak password requirements, which may allow an attacker to gain unauthorized...

9.8CVSS

9.5AI Score

0.002EPSS

2020-03-24 08:15 PM

CVE-2020-6993

In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, an attacker can gain access to sensitive information from the web service without...

7.5CVSS

7.5AI Score

0.002EPSS

2020-03-24 08:15 PM

CVE-2020-6985

In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, these devices use a hard-coded service code for access to the...

9.8CVSS

9.4AI Score

0.002EPSS

2020-03-24 08:15 PM

CVE-2020-6987

In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the affected products use a weak cryptographic algorithm, which may allow confidential information to be...

7.5CVSS

7.3AI Score

0.002EPSS

2020-03-24 07:15 PM

CVE-2020-6989

In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, a buffer overflow in the web server allows remote attackers to cause a denial-of-service condition or execute arbitrary...

9.8CVSS

9.9AI Score

0.013EPSS

2020-03-24 07:15 PM

CVE-2020-6983

In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the affected products use a hard-coded cryptographic key, which increases the possibility that confidential data can be...

7.5CVSS

7.5AI Score

0.002EPSS

2020-03-24 07:15 PM

CVE-2020-7003

In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, sensitive information is transmitted over some web applications in clear...

7.5CVSS

7.3AI Score

0.002EPSS

2020-03-24 06:15 PM

CVE-2019-18242

In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, frequent and multiple requests for short-term use may cause the web server to...

7.5CVSS

7.5AI Score

0.001EPSS

2020-03-24 05:15 PM

CVE-2019-18238

In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, sensitive information is stored in configuration files without encryption, which may allow an attacker to access an administrative...

7.5CVSS

7.2AI Score

0.001EPSS

2020-02-26 10:15 PM

CVE-2019-5165

An exploitable authentication bypass vulnerability exists in the hostname processing of the Moxa AWK-3131A firmware version 1.13. A specially configured device hostname can cause the device to interpret select remote traffic as local traffic, resulting in a bypass of web authentication. An...

7.2CVSS

6.9AI Score

0.001EPSS

2020-02-25 04:15 PM

CVE-2019-5162

An exploitable improper access control vulnerability exists in the iw_webs account settings functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the device as....

8.8CVSS

8.6AI Score

0.001EPSS

2020-02-25 04:15 PM

CVE-2019-5140

An exploitable command injection vulnerability exists in the iw_webs functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file name can cause user input to be reflected in a subsequent iw_system call, resulting in remote control over the device. An...

8.8CVSS

8.8AI Score

0.003EPSS

2020-02-25 04:15 PM

CVE-2019-5136

An exploitable privilege escalation vulnerability exists in the iw_console functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted menu selection string can cause an escape from the restricted console, resulting in system access as the root user. An attacker can send...

8.8CVSS

8.7AI Score

0.001EPSS

2020-02-25 04:15 PM

CVE-2019-5153

An exploitable remote code execution vulnerability exists in the iw_webs configuration parsing functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause an overflow of an error message buffer, resulting in remote code execution. An attacker can send...

8.8CVSS

9.1AI Score

0.004EPSS

2020-02-25 04:15 PM

CVE-2019-5139

An exploitable use of hard-coded credentials vulnerability exists in multiple iw_* utilities of the Moxa AWK-3131A firmware version 1.13. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic...

7.1CVSS

6.9AI Score

0.001EPSS

2020-02-25 04:15 PM

CVE-2019-5143

An exploitable format string vulnerability exists in the iw_console conio_writestr functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted time server entry can cause an overflow of the time server buffer, resulting in remote code execution. An attacker can send commands...

8.8CVSS

9AI Score

0.004EPSS

2020-02-25 04:15 PM

CVE-2019-5148

An exploitable denial-of-service vulnerability exists in ServiceAgent functionality of the Moxa AWK-3131A, firmware version 1.13. A specially crafted packet can cause an integer underflow, triggering a large memcpy that will access unmapped or out-of-bounds memory. An attacker can send this packet....

7.5CVSS

7.5AI Score

0.003EPSS

2020-02-25 04:15 PM

CVE-2019-5137

The usage of hard-coded cryptographic keys within the ServiceAgent binary allows for the decryption of captured traffic across the network from or to the Moxa AWK-3131A firmware version...

7.5CVSS

7.5AI Score

0.004EPSS

2020-02-25 04:15 PM

CVE-2019-5138

An exploitable command injection vulnerability exists in encrypted diagnostic script functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file can cause arbitrary busybox commands to be executed, resulting in remote control over the device. An attacker...

9.9CVSS

9.5AI Score

0.007EPSS

2020-02-25 04:15 PM

CVE-2019-5142

An exploitable command injection vulnerability exists in the hostname functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted entry to network configuration information can cause execution of arbitrary system commands, resulting in full control of the device. An attacker can....

7.2CVSS

7.1AI Score

0.003EPSS

2020-02-25 04:15 PM

CVE-2019-5141

An exploitable command injection vulnerability exists in the iw_webs functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted iw_serverip parameter can cause user input to be reflected in a subsequent iw_system call, resulting in remote control over the device. An attacker...

8.8CVSS

8.8AI Score

0.01EPSS

2020-02-25 04:15 PM

CVE-2019-10969

Moxa EDR 810, all versions 5.1 and prior, allows an authenticated attacker to abuse the ping feature to execute unauthorized commands on the router, which may allow an attacker to perform remote code...

7.2CVSS

7.2AI Score

0.007EPSS

2019-10-08 07:15 PM

CVE-2019-10963

Moxa EDR 810, all versions 5.1 and prior, allows an unauthenticated attacker to be able to retrieve some log files from the device, which may allow sensitive information disclosure. Log files must have previously been exported by a legitimate...

4.3CVSS

4.9AI Score

0.001EPSS

2019-10-08 07:15 PM

CVE-2019-6518

Moxa IKS and EDS store plaintext passwords, which may allow sensitive information to be read by someone with access to the...

7.5CVSS

7.2AI Score

0.001EPSS

2019-03-05 08:29 PM

CVE-2019-6559

Moxa IKS and EDS allow remote authenticated users to cause a denial of service via a specially crafted packet, which may cause the switch to...

6.5CVSS

6.1AI Score

0.001EPSS

2019-03-05 08:29 PM

CVE-2019-6563

Moxa IKS and EDS generate a predictable cookie calculated with an MD5 hash, allowing an attacker to capture the administrator's password, which could lead to a full compromise of the...

9.8CVSS

9.3AI Score

0.002EPSS

2019-03-05 08:29 PM

CVE-2019-6565

Moxa IKS and EDS fails to properly validate user input, giving unauthenticated and authenticated attackers the ability to perform XSS attacks, which may be used to send a malicious...

6.1CVSS

5.9AI Score

0.001EPSS

2019-03-05 08:29 PM

CVE-2019-6524

Moxa IKS and EDS do not implement sufficient measures to prevent multiple failed authentication attempts, which may allow an attacker to discover passwords via brute force...

9.8CVSS

9.4AI Score

0.002EPSS

2019-03-05 08:29 PM

CVE-2019-6520

Moxa IKS and EDS does not properly check authority on server side, which results in a read-only user being able to perform arbitrary configuration...

7.5CVSS

7.5AI Score

0.001EPSS

2019-03-05 08:29 PM

CVE-2019-6522

Moxa IKS and EDS fails to properly check array bounds which may allow an attacker to read device memory on arbitrary addresses, and may allow an attacker to retrieve sensitive data or cause device...

9.1CVSS

9.1AI Score

0.002EPSS

2019-03-05 08:29 PM

CVE-2019-6557

Several buffer overflow vulnerabilities have been identified in Moxa IKS and EDS, which may allow remote code...

9.8CVSS

10AI Score

0.008EPSS

2019-03-05 08:29 PM

CVE-2019-6561

Cross-site request forgery has been identified in Moxa IKS and EDS, which may allow for the execution of unauthorized actions on the...

8.8CVSS

8.8AI Score

0.001EPSS

2019-03-05 08:29 PM

CVE-2017-14439

Exploitable denial of service vulnerabilities exists in the Service Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted packet can cause a denial of service. An attacker can send a large packet to 4001/tcp to trigger this...

7.5CVSS

7.4AI Score

0.002EPSS

2018-05-14 08:29 PM

CVE-2017-12125

An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the CN= parm in the "/goform/net_WebCSRGen" uri....

8.8CVSS

9AI Score

0.001EPSS

2018-05-14 08:29 PM

CVE-2017-14433

An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the remoteNetwork0= parameter in the...

8.8CVSS

9AI Score

0.001EPSS

2018-05-14 08:29 PM

CVE-2017-14438

Exploitable denial of service vulnerabilities exists in the Service Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted packet can cause a denial of service. An attacker can send a large packet to 4000/tcp to trigger this...

7.5CVSS

7.4AI Score

0.002EPSS

2018-05-14 08:29 PM

CVE-2017-14432

An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the openvpnServer0_tmp= parameter in the...

8.8CVSS

9AI Score

0.001EPSS

2018-05-14 08:29 PM

CVE-2017-12124

An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in the web server crashing. An attacker can send a crafted URI to trigger this...

6.5CVSS

6.2AI Score

0.001EPSS

2018-05-14 08:29 PM
Total number of security vulnerabilities: 100