Filtered by vendor Moxa
Subscribe
Total
280 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-14030 | 1 Moxa | 1 Mxview | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in Moxa MXview v2.8 and prior. The unquoted service path escalation vulnerability could allow an authorized user with file access to escalate privileges by inserting arbitrary code into the unquoted service path. | |||||
| CVE-2017-12729 | 1 Moxa | 1 Softcms Lab View | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL Injection issue was discovered in Moxa SoftCMS Live Viewer through 1.6. An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability has been identified. Attackers can exploit this vulnerability to access SoftCMS without knowing the user's password. | |||||
| CVE-2017-12129 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2024-11-21 | 2.9 LOW | 8.0 HIGH |
| An exploitable Weak Cryptography for Passwords vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. An attacker could intercept weakly encrypted passwords and could brute force them. | |||||
| CVE-2017-12128 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An exploitable information disclosure vulnerability exists in the Server Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted TCP packet can cause information disclosure. An attacker can send a crafted TCP packet to trigger this vulnerability. | |||||
| CVE-2017-12127 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
| A password storage vulnerability exists in the operating system functionality of Moxa EDR-810 V4.1 build 17030317. An attacker with shell access could extract passwords in clear text from the device. | |||||
| CVE-2017-12126 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable cross-site request forgery vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP packet can cause cross-site request forgery. An attacker can create malicious HTML to trigger this vulnerability. | |||||
| CVE-2017-12125 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the CN= parm in the "/goform/net_WebCSRGen" uri to trigger this vulnerability. | |||||
| CVE-2017-12124 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in the web server crashing. An attacker can send a crafted URI to trigger this vulnerability. | |||||
| CVE-2017-12123 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2024-11-21 | 3.3 LOW | 8.8 HIGH |
| An exploitable clear text transmission of password vulnerability exists in the web server and telnet functionality of Moxa EDR-810 V4.1 build 17030317. An attacker can look at network traffic to get the admin password for the device. The attacker can then use the credentials to login as admin. | |||||
| CVE-2017-12121 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the rsakey\_name= parm in the "/goform/WebRSAKEYGen" uri to trigger this vulnerability. | |||||
| CVE-2017-12120 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation, resulting in a root shell. An attacker can inject OS commands into the ip= parm in the "/goform/net_WebPingGetValue" URI to trigger this vulnerability. | |||||
| CVE-2016-8717 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An exploitable Use of Hard-coded Credentials vulnerability exists in the Moxa AWK-3131A Wireless Access Point running firmware 1.1. The device operating system contains an undocumented, privileged (root) account with hard-coded credentials, giving attackers full control of affected devices. | |||||
| CVE-2016-5819 | 1 Moxa | 10 Oncell G3100v2, Oncell G3100v2 Firmware, Oncell G3111 and 7 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Moxa G3100V2 Series, editions prior to Version 2.8, and OnCell G3111/G3151/G3211/G3251 Series, editions prior to Version 1.7 allows a reflected cross-site scripting attack which may allow an attacker to execute arbitrary script code in the user’s browser within the trust relationship between their browser and the server. | |||||
| CVE-2015-6458 | 1 Moxa | 1 Softcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Moxa SoftCMS 1.3 and prior is susceptible to a buffer overflow condition that may crash or allow remote code execution. Moxa released SoftCMS version 1.4 on June 1, 2015, to address the vulnerability. | |||||
| CVE-2015-6457 | 1 Moxa | 1 Softcms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Moxa SoftCMS 1.3 and prior is susceptible to a buffer overflow condition that may crash or allow remote code execution. Moxa released SoftCMS version 1.4 on June 1, 2015, to address the vulnerability. | |||||
| CVE-2024-4739 | 1 Moxa | 1 Mxsecurity | 2024-10-22 | N/A | 7.5 HIGH |
| The lack of access restriction to a resource from unauthorized users makes MXsecurity software versions v1.1.0 and prior vulnerable. By acquiring a valid authenticator, an attacker can pose as an authorized user and successfully access the resource. | |||||
| CVE-2024-4740 | 1 Moxa | 1 Mxsecurity | 2024-10-18 | N/A | 7.5 HIGH |
| MXsecurity software versions v1.1.0 and prior are vulnerable because of the use of hard-coded credentials. This vulnerability could allow an attacker to tamper with sensitive data. | |||||
| CVE-2024-6786 | 1 Moxa | 1 Mxview One | 2024-09-30 | N/A | 6.5 MEDIUM |
| The vulnerability allows an attacker to craft MQTT messages that include relative path traversal sequences, enabling them to read arbitrary files on the system. This could lead to the disclosure of sensitive information, such as configuration files and JWT signing secrets. | |||||
| CVE-2024-6787 | 1 Moxa | 1 Mxview One | 2024-09-30 | N/A | 5.9 MEDIUM |
| This vulnerability occurs when an attacker exploits a race condition between the time a file is checked and the time it is used (TOCTOU). By exploiting this race condition, an attacker can write arbitrary files to the system. This could allow the attacker to execute malicious code and potentially cause file losses. | |||||
| CVE-2024-6785 | 1 Moxa | 2 Mxview One, Mxview One Central Manager | 2024-09-27 | N/A | 7.1 HIGH |
| The configuration file stores credentials in cleartext. An attacker with local access rights can read or modify the configuration file, potentially resulting in the service being abused due to sensitive information exposure. | |||||