Filtered by vendor Moxa
Subscribe
Total
282 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-3336 | 1 Moxa | 2 Tn-5900, Tn-5900 Firmware | 2023-07-10 | N/A | 5.3 MEDIUM |
| TN-5900 Series version 3.3 and prior versions is vulnearble to user enumeration vulnerability. The vulnerability may allow a remote attacker to determine whether a user is valid during password recovery through the web login page and enable a brute force attack with valid users. | |||||
| CVE-2021-32974 | 1 Moxa | 8 Nport Iaw5150a-12i\/o, Nport Iaw5150a-12i\/o Firmware, Nport Iaw5150a-6i\/o and 5 more | 2023-06-26 | 10.0 HIGH | 9.8 CRITICAL |
| Improper input validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier may allow a remote attacker to execute commands. | |||||
| CVE-2023-33235 | 1 Moxa | 1 Mxsecurity | 2023-05-30 | N/A | 8.8 HIGH |
| MXsecurity version 1.0 is vulnearble to command injection vulnerability. This vulnerability has been reported in the SSH CLI program, which can be exploited by attackers who have gained authorization privileges. The attackers can break out of the restricted shell and subsequently execute arbitrary code. | |||||
| CVE-2023-33236 | 1 Moxa | 1 Mxsecurity | 2023-05-30 | N/A | 9.8 CRITICAL |
| MXsecurity version 1.0 is vulnearble to hardcoded credential vulnerability. This vulnerability has been reported that can be exploited to craft arbitrary JWT tokens and subsequently bypass authentication for web-based APIs. | |||||
| CVE-2023-28697 | 1 Moxa | 2 Miineport E1, Miineport E1 Firmware | 2023-05-05 | N/A | 9.8 CRITICAL |
| Moxa MiiNePort E1 has a vulnerability of insufficient access control. An unauthenticated remote user can exploit this vulnerability to perform arbitrary system operation or disrupt service. | |||||
| CVE-2018-10690 | 1 Moxa | 2 Awk-3121, Awk-3121 Firmware | 2023-02-28 | 4.3 MEDIUM | 8.1 HIGH |
| An issue was discovered on Moxa AWK-3121 1.14 devices. The device by default allows HTTP traffic thus providing an insecure communication mechanism for a user connecting to the web server. This allows an attacker to sniff the traffic easily and allows an attacker to compromise sensitive data such as credentials. | |||||
| CVE-2018-10694 | 1 Moxa | 2 Awk-3121, Awk-3121 Firmware | 2023-02-28 | 4.3 MEDIUM | 8.1 HIGH |
| An issue was discovered on Moxa AWK-3121 1.14 devices. The device provides a Wi-Fi connection that is open and does not use any encryption mechanism by default. An administrator who uses the open wireless connection to set up the device can allow an attacker to sniff the traffic passing between the user's computer and the device. This can allow an attacker to steal the credentials passing over the HTTP connection as well as TELNET traffic. Also an attacker can MITM the response and infect a user's computer very easily as well. | |||||
| CVE-2018-10697 | 1 Moxa | 2 Awk-3121, Awk-3121 Firmware | 2023-02-28 | 9.3 HIGH | 8.8 HIGH |
| An issue was discovered on Moxa AWK-3121 1.14 devices. The Moxa AWK 3121 provides ping functionality so that an administrator can execute ICMP calls to check if the network is working correctly. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "srvName" is susceptible to this injection. By crafting a packet that contains shell metacharacters, it is possible for an attacker to execute the attack. | |||||
| CVE-2018-10698 | 1 Moxa | 2 Awk-3121, Awk-3121 Firmware | 2023-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Moxa AWK-3121 1.14 devices. The device enables an unencrypted TELNET service by default. This allows an attacker who has been able to gain an MITM position to easily sniff the traffic between the device and the user. Also an attacker can easily connect to the TELNET daemon using the default credentials if they have not been changed by the user. | |||||
| CVE-2018-10702 | 1 Moxa | 2 Awk-3121, Awk-3121 Firmware | 2023-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered on Moxa AWK-3121 1.14 devices. It provides functionality so that an administrator can run scripts on the device to troubleshoot any issues. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "iw_filename" is susceptible to command injection via shell metacharacters. | |||||
| CVE-2022-40693 | 1 Moxa | 4 Sds-3008, Sds-3008-t, Sds-3008-t Firmware and 1 more | 2023-02-16 | N/A | 7.5 HIGH |
| A cleartext transmission vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted network sniffing can lead to a disclosure of sensitive information. An attacker can sniff network traffic to trigger this vulnerability. | |||||
| CVE-2022-41311 | 1 Moxa | 4 Sds-3008, Sds-3008-t, Sds-3008-t Firmware and 1 more | 2023-02-16 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability.Form field id="webLocationMessage_text" name="webLocationMessage_text" | |||||
| CVE-2022-41312 | 1 Moxa | 4 Sds-3008, Sds-3008-t, Sds-3008-t Firmware and 1 more | 2023-02-15 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability.Form field id="Switch Description", name "switch_description" | |||||
| CVE-2022-41313 | 1 Moxa | 4 Sds-3008, Sds-3008-t, Sds-3008-t Firmware and 1 more | 2023-02-15 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability.Form field id="switch_contact" | |||||
| CVE-2022-40691 | 1 Moxa | 4 Sds-3008, Sds-3008-t, Sds-3008-t Firmware and 1 more | 2023-02-15 | N/A | 5.3 MEDIUM |
| An information disclosure vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2022-40224 | 1 Moxa | 4 Sds-3008, Sds-3008-t, Sds-3008-t Firmware and 1 more | 2023-02-15 | N/A | 7.5 HIGH |
| A denial of service vulnerability exists in the web server functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP message header can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2017-12121 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2022-12-14 | 9.0 HIGH | 8.8 HIGH |
| An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the rsakey\_name= parm in the "/goform/WebRSAKEYGen" uri to trigger this vulnerability. | |||||
| CVE-2017-12120 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2022-12-14 | 9.0 HIGH | 8.8 HIGH |
| An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation, resulting in a root shell. An attacker can inject OS commands into the ip= parm in the "/goform/net_WebPingGetValue" URI to trigger this vulnerability. | |||||
| CVE-2016-8716 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2022-12-14 | 3.3 LOW | 7.5 HIGH |
| An exploitable Cleartext Transmission of Password vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. The Change Password functionality of the Web Application transmits the password in cleartext. An attacker capable of intercepting this traffic is able to obtain valid credentials. | |||||
| CVE-2016-8717 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2022-12-14 | 10.0 HIGH | 9.8 CRITICAL |
| An exploitable Use of Hard-coded Credentials vulnerability exists in the Moxa AWK-3131A Wireless Access Point running firmware 1.1. The device operating system contains an undocumented, privileged (root) account with hard-coded credentials, giving attackers full control of affected devices. | |||||