Vulnerabilities > Moxa
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-18 | CVE-2024-4740 | Use of Hard-coded Credentials vulnerability in Moxa Mxsecurity 1.0/1.0.1/1.1.0 MXsecurity software versions v1.1.0 and prior are vulnerable because of the use of hard-coded credentials. | 7.5 |
| 2024-09-21 | CVE-2024-6785 | Cleartext Storage of Sensitive Information vulnerability in Moxa Mxview ONE and Mxview ONE Central Manager The configuration file stores credentials in cleartext. | 7.1 |
| 2024-09-21 | CVE-2024-6786 | Path Traversal vulnerability in Moxa Mxview ONE The vulnerability allows an attacker to craft MQTT messages that include relative path traversal sequences, enabling them to read arbitrary files on the system. | 6.5 |
| 2024-09-21 | CVE-2024-6787 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Moxa Mxview ONE This vulnerability occurs when an attacker exploits a race condition between the time a file is checked and the time it is used (TOCTOU). | 5.9 |
| 2024-06-25 | CVE-2024-4639 | Command Injection vulnerability in Moxa products OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in IPSec configuration. | 8.8 |
| 2024-06-25 | CVE-2024-4640 | Classic Buffer Overflow vulnerability in Moxa products OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to missing bounds checking on buffer operations. | 8.2 |
| 2024-06-25 | CVE-2024-4641 | Use of Externally-Controlled Format String vulnerability in Moxa products OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to accepting a format string from an external source as an argument. | 9.8 |
| 2024-06-25 | CVE-2024-4638 | Command Injection vulnerability in Moxa products OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in the web key upload function. | 8.8 |
| 2023-12-31 | CVE-2023-6093 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Moxa Oncell G3150A-Lte Firmware A clickjacking vulnerability has been identified in OnCell G3150A-LTE Series firmware versions v1.3 and prior. | 6.1 |
| 2023-12-31 | CVE-2023-6094 | Cleartext Transmission of Sensitive Information vulnerability in Moxa Oncell G3150A-Lte Firmware A vulnerability has been identified in OnCell G3150A-LTE Series firmware versions v1.3 and prior. | 5.3 |