Vulnerabilities > Moxa
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-03-04 | CVE-2016-2283 | Credentials Management vulnerability in Moxa Ioadmin Firmware and Iologik Firmware Moxa ioLogik E2200 devices before 3.12 and ioAdmin Configuration Utility before 3.18 do not properly encrypt data, which makes it easier for remote attackers to obtain the associated cleartext via unspecified vectors. | 5.0 |
| 2016-03-04 | CVE-2016-2282 | Credentials Management vulnerability in Moxa Ioadmin Firmware and Iologik Firmware Moxa ioLogik E2200 devices before 3.12 and ioAdmin Configuration Utility before 3.18 do not properly encrypt credentials, which makes it easier for remote attackers to obtain the associated cleartext via unspecified vectors. | 5.0 |
| 2015-12-21 | CVE-2015-6481 | Unspecified vulnerability in Moxa Oncell Central Manager 2.0 The login function in the RequestController class in Moxa OnCell Central Manager before 2.2 has a hardcoded root password, which allows remote attackers to obtain administrative access via a login session. | 7.5 |
| 2015-12-21 | CVE-2015-6480 | Improper Authentication vulnerability in Moxa Oncell Central Manager 2.0 The MessageBrokerServlet servlet in Moxa OnCell Central Manager before 2.2 does not require authentication, which allows remote attackers to obtain administrative access via a command, as demonstrated by the addUserAndGroup action. | 7.5 |
| 2015-09-11 | CVE-2015-6466 | Cross-site Scripting vulnerability in Moxa Eds-405A Firmware and Eds-408A Firmware Cross-site scripting (XSS) vulnerability in the Diagnosis Ping feature in the administrative web interface on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote attackers to inject arbitrary web script or HTML via an unspecified field. | 4.3 |
| 2015-09-11 | CVE-2015-6465 | Unspecified vulnerability in Moxa Eds-405A Firmware and Eds-408A Firmware The GoAhead web server on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote authenticated users to cause a denial of service (reboot) via a crafted URL. | 6.8 |
| 2015-09-11 | CVE-2015-6464 | Unspecified vulnerability in Moxa Eds-405A Firmware and Eds-408A Firmware The administrative web interface on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote authenticated users to bypass a read-only protection mechanism by using Firefox with a web-developer plugin. | 8.5 |
| 2015-06-05 | CVE-2015-1000 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Moxa Softcms 1.2 Stack-based buffer overflow in the OpenForIPCamTest method in the RTSPVIDEO.rtspvideoCtrl.1 (aka SStreamVideo) ActiveX control in Moxa SoftCMS before 1.3 allows remote attackers to execute arbitrary code via the StrRtspPath parameter. | 6.8 |
| 2015-05-26 | CVE-2015-0986 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Moxa Vport Activex SDK Plus Multiple stack-based buffer overflows in Moxa VPort ActiveX SDK Plus before 2.8 allow remote attackers to insert assembly-code lines via vectors involving a regkey (1) set or (2) get command. | 7.5 |
| 2013-08-09 | CVE-2012-3039 | Cryptographic Issues vulnerability in Moxa products Moxa OnCell Gateway G3111, G3151, G3211, and G3251 devices with firmware before 1.4 do not use a sufficient source of entropy for SSH and SSL keys, which makes it easier for remote attackers to obtain access by leveraging knowledge of a key from a product installation elsewhere. | 7.1 |