Vulnerabilities > Moxa > Nport Iaw5000A I O Firmware > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-12-23 CVE-2020-25198 Session Fixation vulnerability in Moxa Nport Iaw5000A-I/O Firmware
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower has incorrectly implemented protections from session fixation, which may allow an attacker to gain access to a session and hijack it by stealing the user’s cookies.
network
moxa CWE-384
6.8
2020-12-23 CVE-2020-25196 Improper Restriction of Excessive Authentication Attempts vulnerability in Moxa Nport Iaw5000A-I/O Firmware
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows SSH/Telnet sessions, which may be vulnerable to brute force attacks to bypass authentication.
network
low complexity
moxa CWE-307
5.0
2020-12-23 CVE-2020-25194 Improper Privilege Management vulnerability in Moxa Nport Iaw5000A-I/O Firmware
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower has improper privilege management, which may allow an attacker with user privileges to perform requests with administrative privileges.
network
low complexity
moxa CWE-269
6.5
2020-12-23 CVE-2020-25192 Information Exposure vulnerability in Moxa Nport Iaw5000A-I/O Firmware
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows sensitive information to be displayed without proper authorization.
network
low complexity
moxa CWE-200
5.0
2020-12-23 CVE-2020-25190 Cleartext Transmission of Sensitive Information vulnerability in Moxa Nport Iaw5000A-I/O Firmware
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower stores and transmits the credentials of third-party services in cleartext.
network
low complexity
moxa CWE-319
5.0
2020-12-23 CVE-2020-25153 Weak Password Requirements vulnerability in Moxa Nport Iaw5000A-I/O Firmware
The built-in web service for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower does not require users to have strong passwords.
network
low complexity
moxa CWE-521
5.0