Vulnerabilities > Moxa > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-01 | CVE-2021-32974 | OS Command Injection vulnerability in Moxa products Improper input validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier may allow a remote attacker to execute commands. | 9.8 |
| 2021-10-12 | CVE-2021-38454 | Path Traversal vulnerability in Moxa Mxview A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries. | 10.0 |
| 2021-09-07 | CVE-2021-39279 | OS Command Injection vulnerability in Moxa products Certain MOXA devices allow Authenticated Command Injection via /forms/web_importTFTP. | 9.0 |
| 2020-11-02 | CVE-2020-23639 | Command Injection vulnerability in Moxa Vport 461 Firmware A command injection vulnerability exists in Moxa Inc VPort 461 Series Firmware Version 3.4 or lower that could allow a remote attacker to execute arbitrary commands in Moxa's VPort 461 Series Industrial Video Servers. | 10.0 |
| 2020-03-24 | CVE-2020-7007 | Out-of-bounds Write vulnerability in Moxa Eds-510E Firmware and Eds-G516E Firmware In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the attacker may execute arbitrary codes or target the device, causing it to go out of service. | 10.0 |
| 2020-03-24 | CVE-2020-6981 | Use of Hard-coded Credentials vulnerability in Moxa Eds-510E Firmware and Eds-G516E Firmware In Moxa EDS-G516E Series firmware, Version 5.2 or lower, an attacker may gain access to the system without proper authentication. | 10.0 |
| 2020-03-24 | CVE-2020-6985 | Use of Hard-coded Credentials vulnerability in Moxa products In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, these devices use a hard-coded service code for access to the console. | 10.0 |
| 2020-02-25 | CVE-2019-5162 | Unspecified vulnerability in Moxa Awk-3131A Firmware 1.13 An exploitable improper access control vulnerability exists in the iw_webs account settings functionality of the Moxa AWK-3131A firmware version 1.13. | 9.0 |
| 2020-02-25 | CVE-2019-5142 | OS Command Injection vulnerability in Moxa Awk-3131A Firmware 1.13 An exploitable command injection vulnerability exists in the hostname functionality of the Moxa AWK-3131A firmware version 1.13. | 9.0 |
| 2020-02-25 | CVE-2019-5138 | OS Command Injection vulnerability in Moxa Awk-3131A Firmware 1.13 An exploitable command injection vulnerability exists in encrypted diagnostic script functionality of the Moxa AWK-3131A firmware version 1.13. | 9.0 |