The built-in web server in MOXA NPort IAW5000A-I/O firmware version 2.1 or lower incorrectly implements protections against session fixation, which may allow an attacker to gain access to a session and hijack it by stealing the user's cookies.
An exploitable local privilege elevation vulnerability exists in the file system permissions of the Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code to a script or replace a binary. By default, MXViewService, which starts as an NT SYSTEM authority user, executes a series of Node.js scripts to start additional application functionality.
An exploitable local privilege elevation vulnerability exists in the file system permissions of the Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code to a script or replace a binary. By default, MXViewService, which starts as an NT SYSTEM authority user, executes a series of Node.js scripts to start additional application functionality, and the mosquitto executable is also run among them.
A command injection vulnerability exists in Moxa Inc VPort 461 Series Firmware Version 3.4 or lower that could allow a remote attacker to execute arbitrary commands in Moxa's VPort 461 Series Industrial Video Servers.
A maliciously crafted web browser cookie may cause a stack-based buffer overflow in the system web server on the EDR-G902 and EDR-G903 Series Routers (versions prior to 5.4).
Moxa Service in Moxa NPort 5150A firmware version 1.5 and earlier allows attackers to obtain sensitive configuration values via a crafted packet to UDP port 4800. NOTE: Moxa Service is an unauthenticated service that runs upon a first-time installation but can be disabled without ill effect.
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, some of the parameters in the setting pages do not ensure text is the correct size for its buffer.
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected products use a weak cryptographic algorithm, which may allow confidential information to be disclosed.