Vulnerabilities > Moxa

DATE CVE VULNERABILITY TITLE RISK
2024-09-21 CVE-2024-6785 Cleartext Storage of Sensitive Information vulnerability in Moxa Mxview ONE and Mxview ONE Central Manager
The configuration file stores credentials in cleartext.
local
low complexity
moxa CWE-312
7.1
2024-09-21 CVE-2024-6786 Path Traversal vulnerability in Moxa Mxview ONE
The vulnerability allows an attacker to craft MQTT messages that include relative path traversal sequences, enabling them to read arbitrary files on the system.
network
low complexity
moxa CWE-22
6.5
2024-09-21 CVE-2024-6787 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Moxa Mxview ONE
This vulnerability occurs when an attacker exploits a race condition between the time a file is checked and the time it is used (TOCTOU).
network
high complexity
moxa CWE-367
5.9
2024-06-25 CVE-2024-4639 Command Injection vulnerability in Moxa products
OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in IPSec configuration.
network
low complexity
moxa CWE-77
8.8
2024-06-25 CVE-2024-4640 Classic Buffer Overflow vulnerability in Moxa products
OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to missing bounds checking on buffer operations.
network
low complexity
moxa CWE-120
8.2
2024-06-25 CVE-2024-4641 Use of Externally-Controlled Format String vulnerability in Moxa products
OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to accepting a format string from an external source as an argument.
network
low complexity
moxa CWE-134
critical
9.8
2024-06-25 CVE-2024-4638 Command Injection vulnerability in Moxa products
OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in the web key upload function.
network
low complexity
moxa CWE-77
8.8
2023-12-31 CVE-2023-6093 Improper Restriction of Rendered UI Layers or Frames vulnerability in Moxa Oncell G3150A-Lte Firmware
A clickjacking vulnerability has been identified in OnCell G3150A-LTE Series firmware versions v1.3 and prior.
network
low complexity
moxa CWE-1021
6.1
2023-12-31 CVE-2023-6094 Cleartext Transmission of Sensitive Information vulnerability in Moxa Oncell G3150A-Lte Firmware
A vulnerability has been identified in OnCell G3150A-LTE Series firmware versions v1.3 and prior.
network
low complexity
moxa CWE-319
5.3
2023-12-23 CVE-2023-5961 Cross-Site Request Forgery (CSRF) vulnerability in Moxa products
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior.
network
low complexity
moxa CWE-352
8.8