7 matches found
CVE-2018-18395
CVE-2018-18395 affects Moxa ThingsPro IIoT Gateway and Device Management Software Solutions v2.1. A vulnerability described as Hidden Token Access exists, with CNVD reporting that a remote attacker could gain root privileges and execute arbitrary code via a hidden API token. The CVE’s CVSS scores...
CVE-2018-18396
The CVE-2018-18396 entry concerns Moxa ThingsPro IIoT Gateway and Device Management Software Solutions, version 2.1. Multiple connected sources (CNVD-2018-21513, NVD, and related records) authorize a Remote Code Execution vulnerability in this product. The root cause is an ability for a remote at...
CVE-2018-18391
CVE-2018-18391 affects Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. The connected documents describe a user privilege escalation vulnerability in ThingsPro, but do not specify the underlying root cause, affected components, or concrete exploitation details. Pu...
CVE-2018-18392
CVE-2018-18392 describes a privilege escalation due to broken access control in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions, version 2.1. Affected component is the ThingsPro product suite; the root cause is improper access control allowing elevation of privileges. Impact ...
CVE-2018-18393
CVE-2018-18393 affects Moxa ThingsPro IIoT Gateway and Device Management Software Solutions v2.1. Sources indicate a password management vulnerability that could allow a remote attacker to change a user’s password, implying potential account compromise. The connected CNVD entry confirms remote pa...
CVE-2018-18390
CVE-2018-18390 affects Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. Connected sources describe a user enumeration vulnerability over the network, with CNVD noting a remote attacker could use brute-force attempts to obtain a valid user password. The CVSS metric...
CVE-2018-18394
CVE-2018-18394 affects Moxa ThingsPro IIoT Gateway and Device Management Software Solutions v2.1, where the system stores sensitive information in plaintext (notably tokens). The provided sources (NVD, CNVD, PRION) describe the root cause as plaintext storage, enabling an attacker to recover acce...