Vulnerabilities > Moxa > EDS 408A > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-05 | CVE-2019-6524 | Improper Restriction of Excessive Authentication Attempts vulnerability in Moxa products Moxa IKS and EDS do not implement sufficient measures to prevent multiple failed authentication attempts, which may allow an attacker to discover passwords via brute force attack. | 5.0 |
| 2019-03-05 | CVE-2019-6520 | Unspecified vulnerability in Moxa products Moxa IKS and EDS does not properly check authority on server side, which results in a read-only user being able to perform arbitrary configuration changes. | 5.0 |
| 2019-03-05 | CVE-2019-6518 | Missing Encryption of Sensitive Data vulnerability in Moxa products Moxa IKS and EDS store plaintext passwords, which may allow sensitive information to be read by someone with access to the device. | 5.0 |
| 2015-09-11 | CVE-2015-6466 | Cross-site Scripting vulnerability in Moxa Eds-405A Firmware and Eds-408A Firmware Cross-site scripting (XSS) vulnerability in the Diagnosis Ping feature in the administrative web interface on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote attackers to inject arbitrary web script or HTML via an unspecified field. | 4.3 |
| 2015-09-11 | CVE-2015-6465 | Unspecified vulnerability in Moxa Eds-405A Firmware and Eds-408A Firmware The GoAhead web server on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote authenticated users to cause a denial of service (reboot) via a crafted URL. | 6.8 |