Filtered by vendor Moxa
Subscribe
Total
249 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-14436 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request to "/MOXA\_CFG2.ini" without a cookie header to trigger this vulnerability. | |||||
| CVE-2018-5455 | 1 Moxa | 8 Oncell G3110-hspa, Oncell G3110-hspa-t, Oncell G3110-hspa-t Firmware and 5 more | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| A Reliance on Cookies without Validation and Integrity Checking issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. The application allows a cookie parameter to consist of only digits, allowing an attacker to perform a brute force attack bypassing authentication and gaining access to device functions. | |||||
| CVE-2017-14459 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| An exploitable OS Command Injection vulnerability exists in the Telnet, SSH, and console login functionality of Moxa AWK-3131A Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client in firmware versions 1.4 to 1.7 (current). An attacker can inject commands via the username parameter of several services (SSH, Telnet, console), resulting in remote, unauthenticated, root-level operating system command execution. | |||||
| CVE-2017-12121 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
| An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the rsakey\_name= parm in the "/goform/WebRSAKEYGen" uri to trigger this vulnerability. | |||||
| CVE-2017-12128 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| An exploitable information disclosure vulnerability exists in the Server Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted TCP packet can cause information disclosure. An attacker can send a crafted TCP packet to trigger this vulnerability. | |||||
| CVE-2017-14434 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
| An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the remoteNetmask0= parameter in the "/goform/net\_Web\_get_value" uri to trigger this vulnerability. | |||||
| CVE-2017-12126 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable cross-site request forgery vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP packet can cause cross-site request forgery. An attacker can create malicious HTML to trigger this vulnerability. | |||||
| CVE-2017-12127 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2024-02-04 | 2.1 LOW | 4.4 MEDIUM |
| A password storage vulnerability exists in the operating system functionality of Moxa EDR-810 V4.1 build 17030317. An attacker with shell access could extract passwords in clear text from the device. | |||||
| CVE-2017-16727 | 1 Moxa | 4 Nport W2150a, Nport W2150a Firmware, Nport W2250a and 1 more | 2024-02-04 | 6.4 MEDIUM | 9.1 CRITICAL |
| A Credentials Management issue was discovered in Moxa NPort W2150A versions prior to 1.11, and NPort W2250A versions prior to 1.11. The default password is empty on the device. An unauthorized user can access the device without a password. An unauthorized user has the ability to completely compromise the confidentiality and integrity of the wireless traffic. | |||||
| CVE-2017-13702 | 1 Moxa | 2 Eds-g512e, Eds-g512e Firmware | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. Cookies can be stolen, manipulated, and reused. | |||||
| CVE-2017-13703 | 1 Moxa | 2 Eds-g512e, Eds-g512e Firmware | 2024-02-04 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. A denial of service may occur. | |||||
| CVE-2017-13700 | 1 Moxa | 2 Eds-g512e, Eds-g512e Firmware | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. There is XSS in the administration interface. | |||||
| CVE-2017-13699 | 1 Moxa | 2 Eds-g512e, Eds-g512e Firmware | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The password encryption method can be retrieved from the firmware. This encryption method is based on a chall value that is sent in cleartext as a POST parameter. An attacker could reverse the password encryption algorithm to retrieve it. | |||||
| CVE-2017-7915 | 1 Moxa | 12 Oncell 5004-hspa, Oncell 5004-hspa Firmware, Oncell 5104-hsdpa and 9 more | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| An Improper Restriction of Excessive Authentication Attempts issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell 5104-HSDPA, OnCell 5104-HSPA, and OnCell 5004-HSPA. An attacker can freely use brute force to determine parameters needed to bypass authentication. | |||||
| CVE-2017-7913 | 1 Moxa | 12 Oncell 5004-hspa, Oncell 5004-hspa Firmware, Oncell 5104-hsdpa and 9 more | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
| A Plaintext Storage of a Password issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell 5104-HSDPA, OnCell 5104-HSPA, and OnCell 5004-HSPA. The application's configuration file contains parameters that represent passwords in plaintext. | |||||
| CVE-2017-16715 | 1 Moxa | 6 Nport 5110, Nport 5110 Firmware, Nport 5130 and 3 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| An Information Exposure issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150 Version 3.7 and prior. An attacker may be able to exploit a flaw in the handling of Ethernet frame padding that may allow for information exposure. | |||||
| CVE-2017-14030 | 1 Moxa | 1 Mxview | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in Moxa MXview v2.8 and prior. The unquoted service path escalation vulnerability could allow an authorized user with file access to escalate privileges by inserting arbitrary code into the unquoted service path. | |||||
| CVE-2017-14028 | 1 Moxa | 6 Nport 5110, Nport 5110 Firmware, Nport 5130 and 3 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| A Resource Exhaustion issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150 Version 3.7 and prior. An attacker may be able to exhaust memory resources by sending a large amount of TCP SYN packets. | |||||
| CVE-2017-16719 | 1 Moxa | 6 Nport 5110, Nport 5110 Firmware, Nport 5130 and 3 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| An Injection issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150 Version 3.7 and prior. An attacker may be able to inject packets that could potentially disrupt the availability of the device. | |||||
| CVE-2017-7917 | 1 Moxa | 12 Oncell 5004-hspa, Oncell 5004-hspa Firmware, Oncell 5104-hsdpa and 9 more | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
| A Cross-Site Request Forgery issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell 5104-HSDPA, OnCell 5104-HSPA, and OnCell 5004-HSPA. The application does not sufficiently verify if a request was intentionally provided by the user who submitted the request, which could allow an attacker to modify the configuration of the device. | |||||