Vulnerabilities > Moxa > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-04-01 CVE-2021-32974 OS Command Injection vulnerability in Moxa products
Improper input validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier may allow a remote attacker to execute commands.
network
low complexity
moxa CWE-78
critical
9.8
2022-04-01 CVE-2021-32976 Out-of-bounds Write vulnerability in Moxa products
Five buffer overflows in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier may allow a remote attacker to initiate a denial-of-service attack and execute arbitrary code.
network
low complexity
moxa CWE-787
critical
9.8
2022-01-26 CVE-2021-46560 Command Injection vulnerability in Moxa Tn-5900 Firmware 3.1
The firmware on Moxa TN-5900 devices through 3.1 allows command injection that could lead to device damage.
network
low complexity
moxa CWE-77
critical
9.8
2021-10-12 CVE-2021-38452 Path Traversal vulnerability in Moxa Mxview
A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries.
network
low complexity
moxa CWE-22
critical
9.1
2021-10-12 CVE-2021-38454 Path Traversal vulnerability in Moxa Mxview
A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries.
network
low complexity
moxa CWE-22
critical
10.0
2021-10-12 CVE-2021-38456 Use of Hard-coded Credentials vulnerability in Moxa Mxview
A use of hard-coded password vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to gain access through accounts using default passwords
network
low complexity
moxa CWE-798
critical
9.8
2021-10-12 CVE-2021-38458 Injection vulnerability in Moxa Mxview
A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries.
network
low complexity
moxa CWE-74
critical
9.8
2021-05-10 CVE-2021-25847 Out-of-bounds Read vulnerability in Moxa products
Improper validation of the length field of LLDP-MED TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows information disclosure to attackers due to controllable loop counter variable via a crafted lldp packet.
network
low complexity
moxa CWE-125
critical
9.1
2021-05-10 CVE-2021-25848 Out-of-bounds Read vulnerability in Moxa products
Improper validation of the length field of LLDP-MED TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows information disclosure to attackers due to using fixed loop counter variable without checking the actual available length via a crafted lldp packet.
network
low complexity
moxa CWE-125
critical
9.1
2021-02-03 CVE-2020-28144 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Moxa products
Certain Moxa Inc products are affected by an improper restriction of operations in EDR-G903 Series Firmware Version 5.5 or lower, EDR-G902 Series Firmware Version 5.5 or lower, and EDR-810 Series Firmware Version 5.6 or lower.
network
low complexity
moxa CWE-119
critical
9.8