Moxa: Security Vulnerabilities
Moxa TN-5900 v3.1 series routers, MGate 5109 v2.2 series protocol gateways, and MGate 5101-PBM-MN v2.1 series protocol gateways were discovered to contain a memory leak which allows attackers to cause a Denial of Service (DoS) via crafted packets.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-02-18
The firmware on Moxa TN-5900 devices through 3.1 has a weak algorithm that allows an attacker to defeat an inspection mechanism for integrity protection.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-01-26
The firmware on Moxa TN-5900 devices through 3.1 allows command injection that could lead to device damage.
CVSS Score
9.8
EPSS Score
0.023
Published
2022-01-26
The affected products contain vulnerable firmware, which could allow an attacker to sniff the traffic and decrypt login credential details. This could give an attacker admin rights through the HTTP web server.
CVSS Score
9.8
EPSS Score
0.001
Published
2021-12-27
A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries.
CVSS Score
7.5
EPSS Score
0.006
Published
2021-10-12
A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries.
CVSS Score
10.0
EPSS Score
0.006
Published
2021-10-12
A use of hard-coded password vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to gain access through accounts using default passwords
CVSS Score
9.8
EPSS Score
0.002
Published
2021-10-12
A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries.
CVSS Score
9.8
EPSS Score
0.008
Published
2021-10-12
A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries.
CVSS Score
7.5
EPSS Score
0.006
Published
2021-10-12
Certain MOXA devices allow reflected XSS via the Config Import menu. This affects WAC-2004 1.7, WAC-1001 2.1, WAC-1001-T 2.1, OnCell G3470A-LTE-EU 1.7, OnCell G3470A-LTE-EU-T 1.7, TAP-323-EU-CT-T 1.3, TAP-323-US-CT-T 1.3, TAP-323-JP-CT-T 1.3, WDR-3124A-EU 2.3, WDR-3124A-EU-T 2.3, WDR-3124A-US 2.3, and WDR-3124A-US-T 2.3.
CVSS Score
6.1
EPSS Score
0.003
Published
2021-09-07