Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Moxa Subscribe
Total 245 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-5139 1 Moxa 2 Awk-3131a, Awk-3131a Firmware 2022-06-13 3.6 LOW 7.1 HIGH
An exploitable use of hard-coded credentials vulnerability exists in multiple iw_* utilities of the Moxa AWK-3131A firmware version 1.13. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts.
CVE-2019-5140 1 Moxa 2 Awk-3131a, Awk-3131a Firmware 2022-06-13 6.5 MEDIUM 8.8 HIGH
An exploitable command injection vulnerability exists in the iwwebs functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file name can cause user input to be reflected in a subsequent iwsystem call, resulting in remote control over the device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.
CVE-2019-5143 1 Moxa 2 Awk-3131a, Awk-3131a Firmware 2022-06-13 6.5 MEDIUM 8.8 HIGH
An exploitable format string vulnerability exists in the iw_console conio_writestr functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted time server entry can cause an overflow of the time server buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.
CVE-2019-5148 1 Moxa 2 Awk-3131a, Awk-3131a Firmware 2022-06-13 5.0 MEDIUM 7.5 HIGH
An exploitable denial-of-service vulnerability exists in ServiceAgent functionality of the Moxa AWK-3131A, firmware version 1.13. A specially crafted packet can cause an integer underflow, triggering a large memcpy that will access unmapped or out-of-bounds memory. An attacker can send this packet while unauthenticated to trigger this vulnerability.
CVE-2019-5153 1 Moxa 2 Awk-3131a, Awk-3131a Firmware 2022-06-13 6.5 MEDIUM 8.8 HIGH
An exploitable remote code execution vulnerability exists in the iw_webs configuration parsing functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause an overflow of an error message buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.
CVE-2019-5162 1 Moxa 2 Awk-3131a, Awk-3131a Firmware 2022-06-13 9.0 HIGH 8.8 HIGH
An exploitable improper access control vulnerability exists in the iw_webs account settings functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the device as that user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.
CVE-2019-5165 1 Moxa 2 Awk-3131a, Awk-3131a Firmware 2022-06-13 6.5 MEDIUM 7.2 HIGH
An exploitable authentication bypass vulnerability exists in the hostname processing of the Moxa AWK-3131A firmware version 1.13. A specially configured device hostname can cause the device to interpret select remote traffic as local traffic, resulting in a bypass of web authentication. An attacker can send authenticated SNMP requests to trigger this vulnerability.
CVE-2020-13536 1 Moxa 1 Mxview 2022-06-07 7.2 HIGH 7.8 HIGH
An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code to a script or replace a binary. By default MXViewService, which starts as a NT SYSTEM authority user executes a series of Node.Js scripts to start additional application functionality.
CVE-2020-13537 1 Moxa 1 Mxview 2022-06-07 7.2 HIGH 7.8 HIGH
An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code to a script or replace a binary.By default MXViewService, which starts as a NT SYSTEM authority user executes a series of Node.Js scripts to start additional application functionality and among them the mosquitto executable is also run.
CVE-2020-12117 1 Moxa 2 Nport 5100a, Nport 5100a Firmware 2022-04-26 5.0 MEDIUM 5.3 MEDIUM
Moxa Service in Moxa NPort 5150A firmware version 1.5 and earlier allows attackers to obtain sensitive configuration values via a crafted packet to UDP port 4800. NOTE: Moxa Service is an unauthenticated service that runs upon a first-time installation but can be disabled without ill effect.
CVE-2022-27048 1 Moxa 40 Mgate Mb3170, Mgate Mb3170-m-sc, Mgate Mb3170-m-sc-t and 37 more 2022-04-25 5.8 MEDIUM 7.4 HIGH
A vulnerability has been discovered in Moxa MGate which allows an attacker to perform a man-in-the-middle (MITM) attack on the device. This affects MGate MB3170 Series Firmware Version 4.2 or lower. and MGate MB3270 Series Firmware Version 4.2 or lower. and MGate MB3280 Series Firmware Version 4.1 or lower. and MGate MB3480 Series Firmware Version 3.2 or lower.
CVE-2021-38456 1 Moxa 1 Mxview 2022-04-25 7.5 HIGH 9.8 CRITICAL
A use of hard-coded password vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to gain access through accounts using default passwords
CVE-2021-40392 1 Moxa 1 Mxview 2022-04-21 5.0 MEDIUM 7.5 HIGH
An information disclosure vulnerability exists in the Web Application functionality of Moxa MXView Series 3.2.4. Network sniffing can lead to a disclosure of sensitive information. An attacker can sniff network traffic to exploit this vulnerability.
CVE-2017-14459 1 Moxa 2 Awk-3131a, Awk-3131a Firmware 2022-04-19 10.0 HIGH 9.8 CRITICAL
An exploitable OS Command Injection vulnerability exists in the Telnet, SSH, and console login functionality of Moxa AWK-3131A Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client in firmware versions 1.4 to 1.7 (current). An attacker can inject commands via the username parameter of several services (SSH, Telnet, console), resulting in remote, unauthenticated, root-level operating system command execution.
CVE-2016-0879 1 Moxa 2 Edr-g903, Edr-g903 Firmware 2022-04-12 7.8 HIGH 7.5 HIGH
Moxa Secure Router EDR-G903 devices before 3.4.12 do not delete copies of configuration and log files after completing the import function, which allows remote attackers to obtain sensitive information by requesting these files at an unspecified URL.
CVE-2016-0878 1 Moxa 2 Edr-g903, Edr-g903 Firmware 2022-04-12 7.8 HIGH 7.5 HIGH
Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to cause a denial of service (cold start) by sending two crafted ping requests.
CVE-2016-0876 1 Moxa 2 Edr-g903, Edr-g903 Firmware 2022-04-12 5.0 MEDIUM 7.5 HIGH
Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to discover cleartext passwords by reading a configuration file.
CVE-2016-0877 1 Moxa 2 Edr-g903, Edr-g903 Firmware 2022-04-12 7.8 HIGH 7.5 HIGH
Memory leak on Moxa Secure Router EDR-G903 devices before 3.4.12 allows remote attackers to cause a denial of service (memory consumption) by executing the ping function.
CVE-2016-0875 1 Moxa 2 Edr-g903, Edr-g903 Firmware 2022-04-12 5.0 MEDIUM 7.5 HIGH
Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to read configuration and log files via a crafted URL.
CVE-2012-4712 1 Moxa 2 Edr-g903, Edr-g903 Firmware 2022-04-12 5.0 MEDIUM N/A
Moxa EDR-G903 series routers with firmware before 2.11 have a hardcoded account, which allows remote attackers to obtain unspecified device access via unknown vectors.