Vulnerabilities > Moxa > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-04-14 CVE-2021-40390 Use of Hard-coded Credentials vulnerability in Moxa Mxview 3.2.4
An authentication bypass vulnerability exists in the Web Application functionality of Moxa MXView Series 3.2.4.
network
low complexity
moxa CWE-798
critical
9.8
2022-04-01 CVE-2021-32974 OS Command Injection vulnerability in Moxa products
Improper input validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier may allow a remote attacker to execute commands.
network
low complexity
moxa CWE-78
critical
9.8
2021-10-12 CVE-2021-38454 Path Traversal vulnerability in Moxa Mxview
A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries.
network
low complexity
moxa CWE-22
critical
10.0
2021-09-07 CVE-2021-39279 OS Command Injection vulnerability in Moxa products
Certain MOXA devices allow Authenticated Command Injection via /forms/web_importTFTP.
network
low complexity
moxa CWE-78
critical
9.0
2020-11-02 CVE-2020-23639 Command Injection vulnerability in Moxa Vport 461 Firmware
A command injection vulnerability exists in Moxa Inc VPort 461 Series Firmware Version 3.4 or lower that could allow a remote attacker to execute arbitrary commands in Moxa's VPort 461 Series Industrial Video Servers.
network
low complexity
moxa CWE-77
critical
10.0
2020-03-24 CVE-2020-7007 Out-of-bounds Write vulnerability in Moxa Eds-510E Firmware and Eds-G516E Firmware
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the attacker may execute arbitrary codes or target the device, causing it to go out of service.
network
low complexity
moxa CWE-787
critical
10.0
2020-03-24 CVE-2020-6981 Use of Hard-coded Credentials vulnerability in Moxa Eds-510E Firmware and Eds-G516E Firmware
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, an attacker may gain access to the system without proper authentication.
network
low complexity
moxa CWE-798
critical
10.0
2020-03-24 CVE-2020-6985 Use of Hard-coded Credentials vulnerability in Moxa products
In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, these devices use a hard-coded service code for access to the console.
network
low complexity
moxa CWE-798
critical
10.0
2020-02-25 CVE-2019-5162 Unspecified vulnerability in Moxa Awk-3131A Firmware 1.13
An exploitable improper access control vulnerability exists in the iw_webs account settings functionality of the Moxa AWK-3131A firmware version 1.13.
network
low complexity
moxa
critical
9.0
2020-02-25 CVE-2019-5142 OS Command Injection vulnerability in Moxa Awk-3131A Firmware 1.13
An exploitable command injection vulnerability exists in the hostname functionality of the Moxa AWK-3131A firmware version 1.13.
network
low complexity
moxa CWE-78
critical
9.0