Moxa: Security Vulnerabilities
Two buffer overflows in the built-in web server in Moxa NPort IAW5000A-I/O Series firmware version 2.2 or earlier may allow a remote attacker to cause a denial-of-service condition.
CVSS Score
7.5
EPSS Score
0.016
Published
2022-04-01
Data can be copied without validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier, which may allow a remote attacker to cause denial-of-service conditions.
CVSS Score
7.5
EPSS Score
0.016
Published
2022-04-01
Moxa TN-5900 v3.1 series routers, MGate 5109 v2.2 series protocol gateways, and MGate 5101-PBM-MN v2.1 series protocol gateways were discovered to contain a memory leak which allows attackers to cause a Denial of Service (DoS) via crafted packets.
CVSS Score
7.5
EPSS Score
0.012
Published
2022-02-18
The firmware on Moxa TN-5900 devices through 3.1 has a weak algorithm that allows an attacker to defeat an inspection mechanism for integrity protection.
CVSS Score
7.5
EPSS Score
0.004
Published
2022-01-26
The firmware on Moxa TN-5900 devices through 3.1 allows command injection that could lead to device damage.
CVSS Score
9.8
EPSS Score
0.036
Published
2022-01-26
The affected products contain vulnerable firmware, which could allow an attacker to sniff the traffic and decrypt login credential details. This could give an attacker admin rights through the HTTP web server.
CVSS Score
9.8
EPSS Score
0.007
Published
2021-12-27
A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries.
CVSS Score
7.5
EPSS Score
0.016
Published
2021-10-12
A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries.
CVSS Score
10.0
EPSS Score
0.158
Published
2021-10-12
A use of hard-coded password vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to gain access through accounts using default passwords
CVSS Score
9.8
EPSS Score
0.011
Published
2021-10-12
A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries.
CVSS Score
9.8
EPSS Score
0.017
Published
2021-10-12