Vulnerabilities > Moxa
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-12-23 | CVE-2020-25198 | Session Fixation vulnerability in Moxa Nport Iaw5000A-I/O Firmware The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower has incorrectly implemented protections from session fixation, which may allow an attacker to gain access to a session and hijack it by stealing the user’s cookies. | 8.8 |
2020-12-23 | CVE-2020-25196 | Improper Restriction of Excessive Authentication Attempts vulnerability in Moxa Nport Iaw5000A-I/O Firmware The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows SSH/Telnet sessions, which may be vulnerable to brute force attacks to bypass authentication. | 9.8 |
2020-12-23 | CVE-2020-25194 | Improper Privilege Management vulnerability in Moxa Nport Iaw5000A-I/O Firmware The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower has improper privilege management, which may allow an attacker with user privileges to perform requests with administrative privileges. | 8.8 |
2020-12-23 | CVE-2020-25192 | Information Exposure vulnerability in Moxa Nport Iaw5000A-I/O Firmware The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows sensitive information to be displayed without proper authorization. | 5.3 |
2020-12-23 | CVE-2020-25190 | Cleartext Transmission of Sensitive Information vulnerability in Moxa Nport Iaw5000A-I/O Firmware The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower stores and transmits the credentials of third-party services in cleartext. | 9.8 |
2020-12-23 | CVE-2020-25153 | Weak Password Requirements vulnerability in Moxa Nport Iaw5000A-I/O Firmware The built-in web service for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower does not require users to have strong passwords. | 7.5 |
2020-11-05 | CVE-2020-13537 | Incorrect Default Permissions vulnerability in Moxa Mxview 3.1.8 An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. | 7.8 |
2020-11-05 | CVE-2020-13536 | Incorrect Default Permissions vulnerability in Moxa Mxview 3.1.8 An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. | 7.8 |
2020-11-02 | CVE-2020-23639 | Command Injection vulnerability in Moxa Vport 461 Firmware 3.4 A command injection vulnerability exists in Moxa Inc VPort 461 Series Firmware Version 3.4 or lower that could allow a remote attacker to execute arbitrary commands in Moxa's VPort 461 Series Industrial Video Servers. | 9.8 |
2020-07-15 | CVE-2020-14511 | Out-of-bounds Write vulnerability in Moxa products Malicious operation of the crafted web browser cookie may cause a stack-based buffer overflow in the system web server on the EDR-G902 and EDR-G903 Series Routers (versions prior to 5.4). | 9.8 |