Vulnerabilities > Moxa

DATE CVE VULNERABILITY TITLE RISK
2016-06-19 CVE-2016-4514 Incorrect Authorization vulnerability in Moxa Pt-7728 and Pt-7728 Firmware
Moxa PT-7728 devices with software 3.4 build 15081113 allow remote authenticated users to change the configuration via vectors involving a local proxy.
network
high complexity
moxa CWE-863
7.7
2016-06-01 CVE-2016-4500 7PK - Security Features vulnerability in Moxa Uc-7408 Lx-Plus and Uc-7408 Lx-Plus Firmware
Moxa UC-7408 LX-Plus devices allow remote authenticated users to write to the firmware, and consequently render a device unusable, by leveraging root access.
network
high complexity
moxa CWE-254
5.8
2016-05-31 CVE-2016-2295 Information Exposure vulnerability in Moxa products
Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and MiiNePort E3 devices with firmware 1.0 Build 11071409 allow remote attackers to obtain sensitive cleartext information by reading a configuration file.
network
low complexity
moxa CWE-200
7.5
2016-05-31 CVE-2016-2286 Improper Authentication vulnerability in Moxa products
Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and MiiNePort E3 devices with firmware 1.0 Build 11071409 have a blank default password, which allows remote attackers to obtain access via unspecified vectors.
network
low complexity
moxa CWE-287
7.5
2016-05-31 CVE-2016-2285 Cross-Site Request Forgery (CSRF) vulnerability in Moxa products
Cross-site request forgery (CSRF) vulnerability on Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and MiiNePort E3 devices with firmware 1.0 Build 11071409 allows remote attackers to hijack the authentication of arbitrary users.
network
low complexity
moxa CWE-352
8.8
2016-05-31 CVE-2016-0879 Information Exposure Through Log Files vulnerability in Moxa Edr-G903 Firmware
Moxa Secure Router EDR-G903 devices before 3.4.12 do not delete copies of configuration and log files after completing the import function, which allows remote attackers to obtain sensitive information by requesting these files at an unspecified URL.
network
low complexity
moxa CWE-532
7.5
2016-05-31 CVE-2016-0878 Unspecified vulnerability in Moxa Edr-G903 Firmware
Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to cause a denial of service (cold start) by sending two crafted ping requests.
network
low complexity
moxa
7.5
2016-05-31 CVE-2016-0877 Missing Release of Resource after Effective Lifetime vulnerability in Moxa Edr-G903 Firmware
Memory leak on Moxa Secure Router EDR-G903 devices before 3.4.12 allows remote attackers to cause a denial of service (memory consumption) by executing the ping function.
network
low complexity
moxa CWE-772
7.5
2016-05-31 CVE-2016-0876 Cleartext Storage of Sensitive Information vulnerability in Moxa Edr-G903 Firmware
Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to discover cleartext passwords by reading a configuration file.
network
low complexity
moxa CWE-312
7.5
2016-05-31 CVE-2016-0875 Information Exposure Through Log Files vulnerability in Moxa Edr-G903 Firmware
Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to read configuration and log files via a crafted URL.
network
low complexity
moxa CWE-532
7.5