11 matches found
CVE-2025-66023
NanoMQ MQTT Broker: NanoMQ is an all-around Edge Messaging Platform. Versions prior to 0.24.5 have a Heap-Use-After-Free (UAF) vulnerability within the MQTT bridge client component implemented via the underlying NanoNNG library. The vulnerability is triggered when NanoMQ acts as a bridge connecting ...
CVE-2025-66023
NanoMQ (MQTT Broker) contains a Heap-Use-After-Free (UAF) in the MQTT bridge client (via NanoNNG) triggered when acting as a bridge to a remote broker. A malicious remote broker can cause a crash or memory corruption by sending a malformed packet sequence after connection. The public notes indica...
NanoMQ Resource Management Error Vulnerability
NanoMQ is a lightweight and fast MQTT Broker for IoT edge platforms open sourced by EMQ USA. A resource management error vulnerability exists in NanoMQ versions prior to 0.24.5, which stems from a heap use-after-free in the MQTT Bridge Client component, which could lead to...
PT-2026-1008
Name of the Vulnerable Software and Affected Versions: NanoMQ versions prior to 0.24.5. Description: NanoMQ MQTT Broker, an Edge Messaging Platform, contains a Heap-Use-After-Free (UAF) issue in its MQTT bridge client component, which is implemented using the NanoNNG library. This issue occurs when...
Moxa AWK-3131A Web Application asqc.asp Information Disclosure (CVE-2016-8722)
An exploitable Information Disclosure vulnerability exists in the Web Application functionality of Moxa AWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client. Retrieving a specific URL without authentication can reveal sensitive information to an attacker. This plugin only work...
Moxa AWK-3131A iw_console Privilege Escalation Vulnerability
Summary: An exploitable privilege escalation vulnerability exists in the iw_console functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted menu selection string can cause an escape from the restricted console, resulting in system access as the root user. An attacker can send...
Moxa AWK-3131A multiple iw_* utilities Use of Hard-coded Credentials Vulnerability
Summary: An exploitable use of hard-coded credentials vulnerability exists in multiple iw_* utilities of the Moxa AWK-3131A firmware version 1.13. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts. Tested Versions: Moxa...
Moxa AWK-3131A iw_webs Account Settings Improper Access Control Vulnerability
Summary: An exploitable improper access control vulnerability exists in the iw_webs account settings functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the...
CVE-2016-8722
An exploitable Information Disclosure vulnerability exists in the Web Application functionality of Moxa AWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client. Retrieving a specific URL without authentication can reveal sensitive information to an attacker...
Moxa AWK-3131A Web Application asqc.asp Information Disclosure Vulnerability
Summary: An exploitable Information Disclosure vulnerability exists in the Web Application functionality of Moxa AWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client. Retrieving a specific URL without...
Moxa AWK-3131A Web Application Nonce Reuse Vulnerability
Summary: An exploitable nonce reuse vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless AP running firmware 1.1. The device uses one nonce for all session authentication requests and only changes the nonce if the web application has been idle for 300 seconds. Teste...