33 matches found
CVE-2025-1680
An acceptance of extraneous untrusted data with trusted data vulnerability has been identified in Moxa’s Ethernet switches, which allows attackers with administrative privileges to manipulate HTTP Host headers by injecting a specially crafted Host header into HTTP requests sent to an affected...
CVE-2025-1679
Cross-site Scripting has been identified in Moxa’s Ethernet switches, which allows an authenticated administrative attacker to inject malicious scripts to an affected device’s web service that could impact authenticated users interacting with the device’s web interface. This vulnerability is...
CVE-2025-1679
Cross-site Scripting has been identified in Moxa’s Ethernet switches, which allows an authenticated administrative attacker to inject malicious scripts to an affected device’s web service that could impact authenticated users interacting with the device’s web interface. This vulnerability is...
EUVD-2025-35688
An acceptance of extraneous untrusted data with trusted data vulnerability has been identified in Moxa’s Ethernet switches, which allows attackers with administrative privileges to manipulate HTTP Host headers by injecting a specially crafted Host header into HTTP requests sent to an affected...
CVE-2025-1680
An acceptance of extraneous untrusted data with trusted data vulnerability has been identified in Moxa’s Ethernet switches, which allows attackers with administrative privileges to manipulate HTTP Host headers by injecting a specially crafted Host header into HTTP requests sent to an affected...
CVE-2025-1680
CVE-2025-1680 affects Moxa Ethernet switches. Description: an acceptance of extraneous untrusted data with trusted data vulnerability enables an administrator to inject crafted Host headers into HTTP requests to the device web service, classed as Host Header Injection. Root cause: improper handli...
CVE-2025-1679
Cross-site Scripting has been identified in Moxa’s Ethernet switches, which allows an authenticated administrative attacker to inject malicious scripts to an affected device’s web service that could impact authenticated users interacting with the device’s web interface. This vulnerability is...
CVE-2025-1679
Cross-site Scripting has been identified in Moxa’s Ethernet switches, which allows an authenticated administrative attacker to inject malicious scripts to an affected device’s web service that could impact authenticated users interacting with the device’s web interface. This vulnerability is...
CVE-2025-1679
CVE-2025-1679 and CVE-2025-1680 concern Moxa Ethernet switches. CVE-2025-1679 is a stored Cross-site Scripting (XSS) in the device web interface: an authenticated admin can inject scripts that affect authenticated users, with impact on the subsequent system’s confidentiality and integrity but not...
Moxa Ethernet switches 安全漏洞
Moxa Ethernet switches is an industrial grade network switch from Moxa Corporation, Taiwan, China. A security vulnerability exists in Moxa Ethernet switches that originates from HTTP Host header injection, which may result in redirecting users, forging links, or phishing. The following products a...
EUVD-2015-6406
Malware in sbrugna...
The vulnerability of the implementation of the authorization mechanism for microprogramming software in Moxa EDS-508A switches allows a intruder to gain unauthorized access to the device’s configuration files.
The vulnerability of the authentication mechanism for Microprogramming Software on Moxa EDS-508A switches lies in the exploitation of vulnerabilities in the identification/authentication mechanism. Exploiting this vulnerability can allow an intruder, operating remotely, to gain unauthorized acces...
The vulnerability of the Diagnosis Ping function in the administrative web interface of the Ethernet switch microprogramming software from Moxa, models Moxa EDS-405A and Moxa EDS-408A, allows a hacker to execute arbitrary code.
The vulnerability of the Diagnosis Ping function in the administrative web interface of Microprogrammed Ethernet switches of the Moxa EDS-405A and Moxa EDS-408A series is related to insufficient protection of the web page structure. Exploiting this vulnerability allows a remote attacker to execut...
MOXA SDS-3008 跨站脚本漏洞
Moxa SDS-3008 is a series of industrial switches from MOXA China. The Moxa SDS-3008 suffers from a cross-site scripting vulnerability that can be exploited by an attacker to send a specially crafted HTTP request resulting in arbitrary Javascript execution...
Vulnerabilities in Moxa EDS-405A series ICS Ethernet switches
Moxa has fixed vulnerabilities in Ethernet switches. The vulnerabilities allow a remote malicious person to execute arbitrary code and to perform a denial-of-service execution. Moxa has released updates to fix the vulnerabilities. More information can be found on the page below:...
Moxa PT-7528 and PT-7828 Series Weak Cryptographic Algorithm Vulnerability
Moxa PT-7528 and PT-7828 Series are both Ethernet switches manufactured by Moxa. A weak cryptographic algorithm vulnerability exists in the Moxa PT-7528 and PT-7828 Series, which can be exploited by attackers to obtain sensitive information...
Moxa EDS-G516E and EDS-510E series buffer overflow vulnerability
Moxa EDS-G516E and EDS-510E series are both Ethernet switches manufactured by Moxa. A buffer overflow vulnerability exists in the Moxa EDS-G516E and EDS-510E series, which can be exploited by an attacker to cause a buffer overflow...
Moxa PT-7528 and PT-7828 Series Weak Password Vulnerability
Moxa PT-7528 and PT-7828 Series are both Ethernet switches manufactured by Moxa. A weak password vulnerability exists in the Moxa PT-7528 and PT-7828 Series, which can be exploited by an attacker to gain unauthorized access to the system...
Moxa EDS-G516E and EDS-510E series hard credential vulnerability
Moxa EDS-G516E and EDS-510E series are both Ethernet switches manufactured by Moxa. A hard credential vulnerability exists in the Moxa EDS-G516E and EDS-510E series, which can be exploited by an attacker to gain access to the system without proper authentication...
The vulnerability of the microprogramming software of Moxa EDS-G508E, EDS-G512E, and EDS-G516E allows a intruder to trigger a service failure.
The vulnerability of the microprogrammed software in Moxa EDS-G508E, EDS-G512E, and EDS-G516E switches is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...