Vulnerabilities (CVE)

Vendor filter

Moxa Subscribe

Filter

145 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-10969 1 Moxa 1 Edr-810 Firmware 2019-10-16 6.5
Moxa EDR 810, all versions 5.1 and prior, allows an authenticated attacker to abuse the ping feature to execute unauthorized commands on the router, which may allow an attacker to perform remote code execution.
CVE-2019-6565 1 Moxa 4 Eds-405a Firmware, Eds-408a Firmware, Eds-510a Firmware and 1 more 2019-10-09 4.3
Moxa IKS and EDS fails to properly validate user input, giving unauthenticated and authenticated attackers the ability to perform XSS attacks, which may be used to send a malicious script.
CVE-2019-6563 1 Moxa 4 Eds-405a Firmware, Eds-408a Firmware, Eds-510a Firmware and 1 more 2019-10-09 10.0
Moxa IKS and EDS generate a predictable cookie calculated with an MD5 hash, allowing an attacker to capture the administrator's password, which could lead to a full compromise of the device.
CVE-2019-6561 1 Moxa 4 Eds-405a Firmware, Eds-408a Firmware, Eds-510a Firmware and 1 more 2019-10-09 6.8
Cross-site request forgery has been identified in Moxa IKS and EDS, which may allow for the execution of unauthorized actions on the device.
CVE-2019-6559 1 Moxa 4 Eds-405a Firmware, Eds-408a Firmware, Eds-510a Firmware and 1 more 2019-10-09 4.0
Moxa IKS and EDS allow remote authenticated users to cause a denial of service via a specially crafted packet, which may cause the switch to crash.
CVE-2019-6557 1 Moxa 4 Eds-405a Firmware, Eds-408a Firmware, Eds-510a Firmware and 1 more 2019-10-09 7.5
Several buffer overflow vulnerabilities have been identified in Moxa IKS and EDS, which may allow remote code execution.
CVE-2019-6526 1 Moxa 4 Eds-405a Firmware, Eds-408a Firmware, Eds-510a Firmware and 1 more 2019-10-09 5.0
Moxa IKS-G6824A series Versions 4.5 and prior, EDS-405A series Version 3.8 and prior, EDS-408A series Version 3.8 and prior, and EDS-510A series Version 3.8 and prior use plaintext transmission of sensitive data, which may allow an attacker to...
CVE-2019-6524 1 Moxa 4 Eds-405a Firmware, Eds-408a Firmware, Eds-510a Firmware and 1 more 2019-10-09 5.0
Moxa IKS and EDS do not implement sufficient measures to prevent multiple failed authentication attempts, which may allow an attacker to discover passwords via brute force attack.
CVE-2019-6522 1 Moxa 4 Eds-405a Firmware, Eds-408a Firmware, Eds-510a Firmware and 1 more 2019-10-09 8.5
Moxa IKS and EDS fails to properly check array bounds which may allow an attacker to read device memory on arbitrary addresses, and may allow an attacker to retrieve sensitive data or cause device reboot.
CVE-2019-6520 1 Moxa 4 Eds-405a Firmware, Eds-408a Firmware, Eds-510a Firmware and 1 more 2019-10-09 5.0
Moxa IKS and EDS does not properly check authority on server side, which results in a read-only user being able to perform arbitrary configuration changes.
CVE-2019-6518 1 Moxa 4 Eds-405a Firmware, Eds-408a Firmware, Eds-510a Firmware and 1 more 2019-10-09 5.0
Moxa IKS and EDS store plaintext passwords, which may allow sensitive information to be read by someone with access to the device.
CVE-2018-5455 1 Moxa 4 Oncell G3110-hspa-t Firmware, Oncell G3110-hspa Firmware, Oncell G3150-hspa-t Firmware and 1 more 2019-10-09 7.5
A Reliance on Cookies without Validation and Integrity Checking issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. The application allows a cookie parameter to consist of only digits, allowing an attacker...
CVE-2018-5453 1 Moxa 4 Oncell G3110-hspa-t Firmware, Oncell G3110-hspa Firmware, Oncell G3150-hspa-t Firmware and 1 more 2019-10-09 7.8
An Improper Handling of Length Parameter Inconsistency issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. An attacker may be able to edit the element of an HTTP request, causing the device to become unavailable.
CVE-2018-5449 1 Moxa 4 Oncell G3110-hspa-t Firmware, Oncell G3110-hspa Firmware, Oncell G3150-hspa-t Firmware and 1 more 2019-10-09 3.3
A NULL Pointer Dereference issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. The application does not check for a NULL value, allowing for an attacker to perform a denial of service attack.
CVE-2018-10632 1 Moxa 3 Nport 5210 Firmware, Nport 5230 Firmware, Nport 5232 Firmware 2019-10-09 5.0
In Moxa NPort 5210, 5230, and 5232 versions 2.9 build 17030709 and prior, the amount of resources requested by a malicious actor are not restricted, allowing for a denial-of-service condition.
CVE-2017-7917 1 Moxa 6 Oncell 5104-hsdpa Firmware, Oncell 5004-hspa Firmware, Oncell G3110-hspa Firmware and 3 more 2019-10-09 6.8
A Cross-Site Request Forgery issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and...
CVE-2017-7915 1 Moxa 6 Oncell 5104-hsdpa Firmware, Oncell 5004-hspa Firmware, Oncell G3110-hspa Firmware and 3 more 2019-10-09 7.5
An Improper Restriction of Excessive Authentication Attempts issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA...
CVE-2017-7913 1 Moxa 6 Oncell 5104-hsdpa Firmware, Oncell 5004-hspa Firmware, Oncell G3110-hspa Firmware and 3 more 2019-10-09 5.0
A Plaintext Storage of a Password issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315...
CVE-2017-5170 1 Moxa 1 Softnvr-ia Live View 2019-10-09 6.5
An Uncontrolled Search Path Element issue was discovered in Moxa SoftNVR-IA Live Viewer, Version 3.30.3122 and prior versions. An uncontrolled search path element (DLL Hijacking) vulnerability has been identified. To exploit this vulnerability,...
CVE-2017-16719 1 Moxa 3 Nport 5110 Firmware, Nport 5130 Firmware, Nport 5150 Firmware 2019-10-09 5.0
An Injection issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150 Version 3.7 and prior. An attacker may be able to inject...