Shodan
Vulnerabilities
Vulnerable Software
Moxa:  Security Vulnerabilities
CVE-2018-19659
An exploitable authenticated command-injection vulnerability exists in the web server functionality of Moxa NPort W2x50A products with firmware before 2.2 Build_18082311. A specially crafted HTTP POST request to /goform/net_WebPingGetValue can result in running OS commands as the root user. This is similar to CVE-2017-12120.
CVSS Score
8.8
EPSS Score
0.005
Published
2018-12-06
CVE-2018-19660
An exploitable authenticated command-injection vulnerability exists in the web server functionality of Moxa NPort W2x50A products with firmware before 2.2 Build_18082311. A specially crafted HTTP POST request to /goform/webSettingProfileSecurity can result in running OS commands as the root user.
CVSS Score
8.8
EPSS Score
0.022
Published
2018-12-06
CVE-2018-18390
User Enumeration in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.
CVSS Score
7.5
EPSS Score
0.003
Published
2018-10-19
CVE-2018-18391
User Privilege Escalation in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.
CVSS Score
8.8
EPSS Score
0.004
Published
2018-10-19
CVE-2018-18392
Privilege Escalation via Broken Access Control in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.
CVSS Score
8.8
EPSS Score
0.004
Published
2018-10-19
CVE-2018-18393
Password Management Issue in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.
CVSS Score
9.8
EPSS Score
0.003
Published
2018-10-19
CVE-2018-18394
Sensitive Information Stored in Clear Text in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.
CVSS Score
9.8
EPSS Score
0.002
Published
2018-10-19
CVE-2018-18395
Hidden Token Access in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.
CVSS Score
9.8
EPSS Score
0.004
Published
2018-10-19
CVE-2018-18396
Remote Code Execution in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.
CVSS Score
9.8
EPSS Score
0.02
Published
2018-10-19
CVE-2018-16282
A command injection vulnerability in the web server functionality of Moxa EDR-810 V4.2 build 18041013 allows remote attackers to execute arbitrary OS commands with root privilege via the caname parameter to the /xml/net_WebCADELETEGetValue URI.
CVSS Score
8.8
EPSS Score
0.042
Published
2018-09-20


Products
Pricing
Contact Us

Shodan ® - All rights reserved