Vulnerabilities > Moxa > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-12-23 CVE-2020-25196 Improper Restriction of Excessive Authentication Attempts vulnerability in Moxa Nport Iaw5000A-I/O Firmware
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows SSH/Telnet sessions, which may be vulnerable to brute force attacks to bypass authentication.
network
low complexity
moxa CWE-307
critical
9.8
2020-12-23 CVE-2020-25190 Cleartext Transmission of Sensitive Information vulnerability in Moxa Nport Iaw5000A-I/O Firmware
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower stores and transmits the credentials of third-party services in cleartext.
network
low complexity
moxa CWE-319
critical
9.8
2020-11-02 CVE-2020-23639 Command Injection vulnerability in Moxa Vport 461 Firmware 3.4
A command injection vulnerability exists in Moxa Inc VPort 461 Series Firmware Version 3.4 or lower that could allow a remote attacker to execute arbitrary commands in Moxa's VPort 461 Series Industrial Video Servers.
network
low complexity
moxa CWE-77
critical
9.8
2020-07-15 CVE-2020-14511 Out-of-bounds Write vulnerability in Moxa products
Malicious operation of the crafted web browser cookie may cause a stack-based buffer overflow in the system web server on the EDR-G902 and EDR-G903 Series Routers (versions prior to 5.4).
network
low complexity
moxa CWE-787
critical
9.8
2020-03-24 CVE-2020-7007 Out-of-bounds Write vulnerability in Moxa Eds-510E Firmware and Eds-G516E Firmware
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the attacker may execute arbitrary codes or target the device, causing it to go out of service.
network
low complexity
moxa CWE-787
critical
9.8
2020-03-24 CVE-2020-6991 Weak Password Requirements vulnerability in Moxa Eds-510E Firmware and Eds-G516E Firmware
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, weak password requirements may allow an attacker to gain access using brute force.
network
low complexity
moxa CWE-521
critical
9.8
2020-03-24 CVE-2020-6981 Use of Hard-coded Credentials vulnerability in Moxa Eds-510E Firmware and Eds-G516E Firmware
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, an attacker may gain access to the system without proper authentication.
network
low complexity
moxa CWE-798
critical
9.8
2020-03-24 CVE-2020-6995 Weak Password Requirements vulnerability in Moxa products
In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the application utilizes weak password requirements, which may allow an attacker to gain unauthorized access.
network
low complexity
moxa CWE-521
critical
9.8
2020-03-24 CVE-2020-6985 Use of Hard-coded Credentials vulnerability in Moxa products
In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, these devices use a hard-coded service code for access to the console.
network
low complexity
moxa CWE-798
critical
9.8
2020-03-24 CVE-2020-6989 Out-of-bounds Write vulnerability in Moxa products
In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, a buffer overflow in the web server allows remote attackers to cause a denial-of-service condition or execute arbitrary code.
network
low complexity
moxa CWE-787
critical
9.8