Vulnerabilities (CVE)

Filtered by vendor Moxa Subscribe
Total 261 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-46559 1 Moxa 2 Tn-5900, Tn-5900 Firmware 2024-02-04 5.0 MEDIUM 7.5 HIGH
The firmware on Moxa TN-5900 devices through 3.1 has a weak algorithm that allows an attacker to defeat an inspection mechanism for integrity protection.
CVE-2021-38454 1 Moxa 1 Mxview 2024-02-04 7.5 HIGH 10.0 CRITICAL
A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries.
CVE-2021-38458 1 Moxa 1 Mxview 2024-02-04 7.5 HIGH 9.8 CRITICAL
A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries.
CVE-2021-4161 1 Moxa 6 Mgate Mb3180, Mgate Mb3180 Firmware, Mgate Mb3280 and 3 more 2024-02-04 5.0 MEDIUM 7.5 HIGH
The affected products contain vulnerable firmware, which could allow an attacker to sniff the traffic and decrypt login credential details. This could give an attacker admin rights through the HTTP web server.
CVE-2021-38460 1 Moxa 1 Mxview 2024-02-04 5.0 MEDIUM 7.5 HIGH
A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries.
CVE-2021-46560 1 Moxa 2 Tn-5900, Tn-5900 Firmware 2024-02-04 7.5 HIGH 9.8 CRITICAL
The firmware on Moxa TN-5900 devices through 3.1 allows command injection that could lead to device damage.
CVE-2021-38456 1 Moxa 1 Mxview 2024-02-04 7.5 HIGH 9.8 CRITICAL
A use of hard-coded password vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to gain access through accounts using default passwords
CVE-2021-38452 1 Moxa 1 Mxview 2024-02-04 6.4 MEDIUM 9.1 CRITICAL
A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries.
CVE-2020-27149 1 Moxa 6 Nport Ia5150a, Nport Ia5150a Firmware, Nport Ia5250a and 3 more 2024-02-04 4.0 MEDIUM 6.5 MEDIUM
By exploiting a vulnerability in NPort IA5150A/IA5250A Series before version 1.5, a user with “Read Only” privilege level can send requests via the web console to have the device’s configuration changed.
CVE-2020-27185 1 Moxa 6 Nport Ia5150a, Nport Ia5150a Firmware, Nport Ia5250a and 3 more 2024-02-04 5.0 MEDIUM 7.5 HIGH
Cleartext transmission of sensitive information via Moxa Service in NPort IA5000A series serial devices. Successfully exploiting the vulnerability could enable attackers to read authentication data, device configuration, and other sensitive data transmitted over Moxa Service.
CVE-2021-39278 1 Moxa 24 Oncell G3470a-lte-eu, Oncell G3470a-lte-eu-t, Oncell G3470a-lte-eu-t Firmware and 21 more 2024-02-04 4.3 MEDIUM 6.1 MEDIUM
Certain MOXA devices allow reflected XSS via the Config Import menu. This affects WAC-2004 1.7, WAC-1001 2.1, WAC-1001-T 2.1, OnCell G3470A-LTE-EU 1.7, OnCell G3470A-LTE-EU-T 1.7, TAP-323-EU-CT-T 1.3, TAP-323-US-CT-T 1.3, TAP-323-JP-CT-T 1.3, WDR-3124A-EU 2.3, WDR-3124A-EU-T 2.3, WDR-3124A-US 2.3, and WDR-3124A-US-T 2.3.
CVE-2021-33823 1 Moxa 2 Mgate Mb3180, Mgate Mb3180 Firmware 2024-02-04 5.0 MEDIUM 7.5 HIGH
An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012. Attacker could send a huge amount of TCP SYN packet to make web service's resource exhausted. Then the web server is denial-of-service.
CVE-2021-25849 1 Moxa 32 Vport 06ec-2v26m, Vport 06ec-2v26m Firmware, Vport 06ec-2v36m-ct and 29 more 2024-02-04 7.8 HIGH 7.5 HIGH
An integer underflow was discovered in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, improper validation of the PortID TLV leads to Denial of Service via a crafted lldp packet.
CVE-2021-33824 1 Moxa 2 Mgate Mb3180, Mgate Mb3180 Firmware 2024-02-04 5.0 MEDIUM 7.5 HIGH
An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012. Attackers can use slowhttptest tool to send incomplete HTTP request, which could make server keep waiting for the packet to finish the connection, until its resource exhausted. Then the web server is denial-of-service.
CVE-2020-27150 1 Moxa 6 Nport Ia5150a, Nport Ia5150a Firmware, Nport Ia5250a and 3 more 2024-02-04 5.0 MEDIUM 7.5 HIGH
In multiple versions of NPort IA5000A Series, the result of exporting a device’s configuration contains the passwords of all users on the system and other sensitive data in the original form if “Pre-shared key” doesn’t set.
CVE-2021-25846 1 Moxa 32 Vport 06ec-2v26m, Vport 06ec-2v26m Firmware, Vport 06ec-2v36m-ct and 29 more 2024-02-04 7.8 HIGH 7.5 HIGH
Improper validation of the ChassisID TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows attackers to cause a denial of service due to a negative number passed to the memcpy function via a crafted lldp packet.
CVE-2021-25847 1 Moxa 32 Vport 06ec-2v26m, Vport 06ec-2v26m Firmware, Vport 06ec-2v36m-ct and 29 more 2024-02-04 8.5 HIGH 9.1 CRITICAL
Improper validation of the length field of LLDP-MED TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows information disclosure to attackers due to controllable loop counter variable via a crafted lldp packet.
CVE-2021-39279 1 Moxa 24 Oncell G3470a-lte-eu, Oncell G3470a-lte-eu-t, Oncell G3470a-lte-eu-t Firmware and 21 more 2024-02-04 9.0 HIGH 8.8 HIGH
Certain MOXA devices allow Authenticated Command Injection via /forms/web_importTFTP. This affects WAC-2004 1.7, WAC-1001 2.1, WAC-1001-T 2.1, OnCell G3470A-LTE-EU 1.7, OnCell G3470A-LTE-EU-T 1.7, TAP-323-EU-CT-T 1.3, TAP-323-US-CT-T 1.3, TAP-323-JP-CT-T 1.3, WDR-3124A-EU 2.3, WDR-3124A-EU-T 2.3, WDR-3124A-US 2.3, and WDR-3124A-US-T 2.3.
CVE-2021-25845 1 Moxa 32 Vport 06ec-2v26m, Vport 06ec-2v26m Firmware, Vport 06ec-2v36m-ct and 29 more 2024-02-04 5.0 MEDIUM 7.5 HIGH
Improper validation of the ChassisID TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows attackers to cause a denial of service due to a NULL pointer dereference via a crafted lldp packet.
CVE-2021-25848 1 Moxa 32 Vport 06ec-2v26m, Vport 06ec-2v26m Firmware, Vport 06ec-2v36m-ct and 29 more 2024-02-04 8.5 HIGH 9.1 CRITICAL
Improper validation of the length field of LLDP-MED TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows information disclosure to attackers due to using fixed loop counter variable without checking the actual available length via a crafted lldp packet.