Shodan
Vulnerabilities
Vulnerable Software
Moxa:  Security Vulnerabilities
CVE-2019-6563
Moxa IKS and EDS generate a predictable cookie calculated with an MD5 hash, allowing an attacker to capture the administrator's password, which could lead to a full compromise of the device.
CVSS Score
9.8
EPSS Score
0.017
Published
2019-03-05
CVE-2019-6565
Moxa IKS and EDS fails to properly validate user input, giving unauthenticated and authenticated attackers the ability to perform XSS attacks, which may be used to send a malicious script.
CVSS Score
6.1
EPSS Score
0.011
Published
2019-03-05
CVE-2018-19659
An exploitable authenticated command-injection vulnerability exists in the web server functionality of Moxa NPort W2x50A products with firmware before 2.2 Build_18082311. A specially crafted HTTP POST request to /goform/net_WebPingGetValue can result in running OS commands as the root user. This is similar to CVE-2017-12120.
CVSS Score
8.8
EPSS Score
0.043
Published
2018-12-06
CVE-2018-19660
An exploitable authenticated command-injection vulnerability exists in the web server functionality of Moxa NPort W2x50A products with firmware before 2.2 Build_18082311. A specially crafted HTTP POST request to /goform/webSettingProfileSecurity can result in running OS commands as the root user.
CVSS Score
8.8
EPSS Score
0.309
Published
2018-12-06
CVE-2018-18390
User Enumeration in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.
CVSS Score
7.5
EPSS Score
0.011
Published
2018-10-19
CVE-2018-18391
User Privilege Escalation in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.
CVSS Score
8.8
EPSS Score
0.01
Published
2018-10-19
CVE-2018-18392
Privilege Escalation via Broken Access Control in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.
CVSS Score
8.8
EPSS Score
0.01
Published
2018-10-19
CVE-2018-18393
Password Management Issue in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.
CVSS Score
9.8
EPSS Score
0.01
Published
2018-10-19
CVE-2018-18394
Sensitive Information Stored in Clear Text in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.
CVSS Score
9.8
EPSS Score
0.007
Published
2018-10-19
CVE-2018-18395
Hidden Token Access in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.
CVSS Score
9.8
EPSS Score
0.015
Published
2018-10-19


Products
Pricing
Contact Us

Shodan ® - All rights reserved