Shodan
Vulnerabilities
Vulnerable Software
Moxa:  Security Vulnerabilities
CVE-2016-5792
SQL injection vulnerability in Moxa SoftCMS before 1.5 allows remote attackers to execute arbitrary SQL commands via unspecified fields.
CVSS Score
9.8
EPSS Score
0.017
Published
2016-08-08
CVE-2016-5804
Moxa MGate MB3180 before 1.8, MGate MB3280 before 2.7, MGate MB3480 before 2.6, MGate MB3170 before 2.5, and MGate MB3270 before 2.7 use weak encryption, which allows remote attackers to bypass authentication via a brute-force series of guesses for a parameter value.
CVSS Score
9.8
EPSS Score
0.002
Published
2016-07-15
CVE-2016-4503
Moxa Device Server Web Console 5232-N allows remote attackers to bypass authentication, and consequently modify settings and data, via vectors related to reading a cookie parameter containing a UserId value.
CVSS Score
9.8
EPSS Score
0.013
Published
2016-07-12
CVE-2016-4514
Moxa PT-7728 devices with software 3.4 build 15081113 allow remote authenticated users to change the configuration via vectors involving a local proxy.
CVSS Score
7.7
EPSS Score
0.003
Published
2016-06-19
CVE-2016-4500
Moxa UC-7408 LX-Plus devices allow remote authenticated users to write to the firmware, and consequently render a device unusable, by leveraging root access.
CVSS Score
5.8
EPSS Score
0.002
Published
2016-06-01
CVE-2016-2295
Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and MiiNePort E3 devices with firmware 1.0 Build 11071409 allow remote attackers to obtain sensitive cleartext information by reading a configuration file.
CVSS Score
7.5
EPSS Score
0.007
Published
2016-05-31
CVE-2016-2286
Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and MiiNePort E3 devices with firmware 1.0 Build 11071409 have a blank default password, which allows remote attackers to obtain access via unspecified vectors.
CVSS Score
7.5
EPSS Score
0.008
Published
2016-05-31
CVE-2016-0879
Moxa Secure Router EDR-G903 devices before 3.4.12 do not delete copies of configuration and log files after completing the import function, which allows remote attackers to obtain sensitive information by requesting these files at an unspecified URL.
CVSS Score
7.5
EPSS Score
0.008
Published
2016-05-31
CVE-2016-2285
Cross-site request forgery (CSRF) vulnerability on Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and MiiNePort E3 devices with firmware 1.0 Build 11071409 allows remote attackers to hijack the authentication of arbitrary users.
CVSS Score
8.8
EPSS Score
0.002
Published
2016-05-31
CVE-2016-0878
Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to cause a denial of service (cold start) by sending two crafted ping requests.
CVSS Score
7.5
EPSS Score
0.007
Published
2016-05-31


Products
Pricing
Contact Us

Shodan ® - All rights reserved