Vulnerabilities > Moxa > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-02-25 CVE-2019-5138 OS Command Injection vulnerability in Moxa Awk-3131A Firmware 1.13
An exploitable command injection vulnerability exists in encrypted diagnostic script functionality of the Moxa AWK-3131A firmware version 1.13.
network
low complexity
moxa CWE-78
critical
9.0
2020-02-25 CVE-2019-5136 Unspecified vulnerability in Moxa Awk-3131A Firmware 1.13
An exploitable privilege escalation vulnerability exists in the iw_console functionality of the Moxa AWK-3131A firmware version 1.13.
network
low complexity
moxa
critical
9.0
2020-02-14 CVE-2020-8858 OS Command Injection vulnerability in Moxa products
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Moxa MGate 5105-MB-EIP firmware version 4.1.
network
low complexity
moxa CWE-78
critical
9.0
2019-06-07 CVE-2018-10698 Missing Encryption of Sensitive Data vulnerability in Moxa Awk-3121 Firmware 1.14
An issue was discovered on Moxa AWK-3121 1.14 devices.
network
low complexity
moxa CWE-311
critical
9.8
2019-03-05 CVE-2019-6563 Information Exposure vulnerability in Moxa products
Moxa IKS and EDS generate a predictable cookie calculated with an MD5 hash, allowing an attacker to capture the administrator's password, which could lead to a full compromise of the device.
network
low complexity
moxa CWE-200
critical
10.0
2019-03-05 CVE-2019-6557 Classic Buffer Overflow vulnerability in Moxa products
Several buffer overflow vulnerabilities have been identified in Moxa IKS and EDS, which may allow remote code execution.
network
low complexity
moxa CWE-120
critical
9.8
2019-03-05 CVE-2019-6522 Out-of-bounds Read vulnerability in Moxa products
Moxa IKS and EDS fails to properly check array bounds which may allow an attacker to read device memory on arbitrary addresses, and may allow an attacker to retrieve sensitive data or cause device reboot.
network
low complexity
moxa CWE-125
critical
9.1
2018-12-06 CVE-2018-19660 OS Command Injection vulnerability in Moxa Nport W2X50A Firmware
An exploitable authenticated command-injection vulnerability exists in the web server functionality of Moxa NPort W2x50A products with firmware before 2.2 Build_18082311.
network
low complexity
moxa CWE-78
critical
9.0
2018-12-06 CVE-2018-19659 OS Command Injection vulnerability in Moxa Nport W2X50A Firmware
An exploitable authenticated command-injection vulnerability exists in the web server functionality of Moxa NPort W2x50A products with firmware before 2.2 Build_18082311.
network
low complexity
moxa CWE-78
critical
9.0
2018-10-19 CVE-2018-18395 Unspecified vulnerability in Moxa Thingspro 2.1
Hidden Token Access in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.
network
low complexity
moxa
critical
10.0