Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Moxa Subscribe
Total 245 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-14439 1 Moxa 2 Edr-810, Edr-810 Firmware 2022-12-07 5.0 MEDIUM 7.5 HIGH
Exploitable denial of service vulnerabilities exists in the Service Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted packet can cause a denial of service. An attacker can send a large packet to 4001/tcp to trigger this vulnerability.
CVE-2022-3086 1 Moxa 100 Uc-2101-lx, Uc-2101-lx Firmware, Uc-2102-lx and 97 more 2022-12-07 N/A 7.6 HIGH
Cradlepoint IBR600 NCOS versions 6.5.0.160bc2e and prior are vulnerable to shell escape, which enables local attackers with non-superuser credentials to gain full, unrestrictive shell access which may allow an attacker to execute arbitrary code.
CVE-2022-3088 2 Debian, Moxa 129 Debian Linux, Aig-301-ap-azu-lx, Aig-301-ap-azu-lx Firmware and 126 more 2022-12-07 N/A 7.8 HIGH
UC-8100A-ME-T System Image: Versions v1.0 to v1.6, UC-2100 System Image: Versions v1.0 to v1.12, UC-2100-W System Image: Versions v1.0 to v 1.12, UC-3100 System Image: Versions v1.0 to v1.6, UC-5100 System Image: Versions v1.0 to v1.4, UC-8100 System Image: Versions v3.0 to v3.5, UC-8100-ME-T System Image: Versions v3.0 and v3.1, UC-8200 System Image: v1.0 to v1.5, AIG-300 System Image: v1.0 to v1.4, UC-8410A with Debian 9 System Image: Versions v4.0.2 and v4.1.2, UC-8580 with Debian 9 System Image: Versions v2.0 and v2.1, UC-8540 with Debian 9 System Image: Versions v2.0 and v2.1, and DA-662C-16-LX (GLB) System Image: Versions v1.0.2 to v1.1.2 of Moxa's ARM-based computers have an execution with unnecessary privileges vulnerability, which could allow an attacker with user-level privileges to gain root privileges.
CVE-2019-6522 1 Moxa 8 Eds-405a, Eds-405a Firmware, Eds-408a and 5 more 2022-11-30 8.5 HIGH 9.1 CRITICAL
Moxa IKS and EDS fails to properly check array bounds which may allow an attacker to read device memory on arbitrary addresses, and may allow an attacker to retrieve sensitive data or cause device reboot.
CVE-2019-6565 1 Moxa 8 Eds-405a, Eds-405a Firmware, Eds-408a and 5 more 2022-11-30 4.3 MEDIUM 6.1 MEDIUM
Moxa IKS and EDS fails to properly validate user input, giving unauthenticated and authenticated attackers the ability to perform XSS attacks, which may be used to send a malicious script.
CVE-2019-6561 1 Moxa 8 Eds-405a, Eds-405a Firmware, Eds-408a and 5 more 2022-11-30 6.8 MEDIUM 8.8 HIGH
Cross-site request forgery has been identified in Moxa IKS and EDS, which may allow for the execution of unauthorized actions on the device.
CVE-2019-6559 1 Moxa 8 Eds-405a, Eds-405a Firmware, Eds-408a and 5 more 2022-11-30 4.0 MEDIUM 6.5 MEDIUM
Moxa IKS and EDS allow remote authenticated users to cause a denial of service via a specially crafted packet, which may cause the switch to crash.
CVE-2019-6557 1 Moxa 8 Eds-405a, Eds-405a Firmware, Eds-408a and 5 more 2022-11-30 7.5 HIGH 9.8 CRITICAL
Several buffer overflow vulnerabilities have been identified in Moxa IKS and EDS, which may allow remote code execution.
CVE-2021-38454 1 Moxa 1 Mxview 2022-10-25 7.5 HIGH 10.0 CRITICAL
A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries.
CVE-2021-38460 1 Moxa 1 Mxview 2022-10-25 5.0 MEDIUM 7.5 HIGH
A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries.
CVE-2021-40390 1 Moxa 1 Mxview 2022-10-24 7.5 HIGH 9.8 CRITICAL
An authentication bypass vulnerability exists in the Web Application functionality of Moxa MXView Series 3.2.4. A specially-crafted HTTP request can lead to unauthorized access. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2022-2044 1 Moxa 2 Nport 5110, Nport 5110 Firmware 2022-09-06 N/A 8.2 HIGH
MOXA NPort 5110: Firmware Versions 2.10 is vulnerable to an out-of-bounds write that may allow an attacker to overwrite values in memory, causing a denial-of-service condition or potentially bricking the device.
CVE-2022-2043 1 Moxa 2 Nport 5110, Nport 5110 Firmware 2022-09-06 N/A 7.5 HIGH
MOXA NPort 5110: Firmware Versions 2.10 is vulnerable to an out-of-bounds write that can cause the device to become unresponsive.
CVE-2020-27184 1 Moxa 6 Nport Ia5150a, Nport Ia5150a Firmware, Nport Ia5250a and 3 more 2022-07-12 4.3 MEDIUM 5.9 MEDIUM
The NPort IA5000A Series devices use Telnet as one of the network device management services. Telnet does not support the encryption of client-server communications, making it vulnerable to Man-in-the-Middle attacks.
CVE-2021-33823 1 Moxa 2 Mgate Mb3180, Mgate Mb3180 Firmware 2022-07-12 5.0 MEDIUM 7.5 HIGH
An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012. Attacker could send a huge amount of TCP SYN packet to make web service's resource exhausted. Then the web server is denial-of-service.
CVE-2019-5136 1 Moxa 2 Awk-3131a, Awk-3131a Firmware 2022-06-13 9.0 HIGH 8.8 HIGH
An exploitable privilege escalation vulnerability exists in the iw_console functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted menu selection string can cause an escape from the restricted console, resulting in system access as the root user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.
CVE-2019-5137 1 Moxa 2 Awk-3131a, Awk-3131a Firmware 2022-06-13 5.0 MEDIUM 7.5 HIGH
The usage of hard-coded cryptographic keys within the ServiceAgent binary allows for the decryption of captured traffic across the network from or to the Moxa AWK-3131A firmware version 1.13.
CVE-2019-5138 1 Moxa 2 Awk-3131a, Awk-3131a Firmware 2022-06-13 9.0 HIGH 9.9 CRITICAL
An exploitable command injection vulnerability exists in encrypted diagnostic script functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file can cause arbitrary busybox commands to be executed, resulting in remote control over the device. An attacker can send diagnostic while authenticated as a low privilege user to trigger this vulnerability.
CVE-2019-5142 1 Moxa 2 Awk-3131a, Awk-3131a Firmware 2022-06-13 9.0 HIGH 7.2 HIGH
An exploitable command injection vulnerability exists in the hostname functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted entry to network configuration information can cause execution of arbitrary system commands, resulting in full control of the device. An attacker can send various authenticated requests to trigger this vulnerability.
CVE-2019-5140 1 Moxa 2 Awk-3131a, Awk-3131a Firmware 2022-06-13 6.5 MEDIUM 8.8 HIGH
An exploitable command injection vulnerability exists in the iwwebs functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file name can cause user input to be reflected in a subsequent iwsystem call, resulting in remote control over the device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.