Vulnerabilities > Moxa > Critical

DATE CVE VULNERABILITY TITLE RISK
2018-09-20 CVE-2018-16282 OS Command Injection vulnerability in Moxa Edr-810 Firmware 4.2
A command injection vulnerability in the web server functionality of Moxa EDR-810 V4.2 build 18041013 allows remote attackers to execute arbitrary OS commands with root privilege via the caname parameter to the /xml/net_WebCADELETEGetValue URI.
network
low complexity
moxa CWE-78
critical
9.0
2018-04-11 CVE-2017-14459 OS Command Injection vulnerability in Moxa Awk-3131A Firmware
An exploitable OS Command Injection vulnerability exists in the Telnet, SSH, and console login functionality of Moxa AWK-3131A Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client in firmware versions 1.4 to 1.7 (current).
network
low complexity
moxa CWE-78
critical
10.0
2018-04-02 CVE-2016-8717 Use of Hard-coded Credentials vulnerability in Moxa Awk-3131A Firmware 1.1
An exploitable Use of Hard-coded Credentials vulnerability exists in the Moxa AWK-3131A Wireless Access Point running firmware 1.1.
network
low complexity
moxa CWE-798
critical
9.8
2017-04-20 CVE-2016-8721 OS Command Injection vulnerability in Moxa Awk-3131A Firmware 1.1
An exploitable OS Command Injection vulnerability exists in the web application 'ping' functionality of Moxa AWK-3131A Wireless Access Points running firmware 1.1.
network
low complexity
moxa CWE-78
critical
9.1
2017-02-13 CVE-2016-9369 Improper Authentication vulnerability in Moxa products
An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4.
network
low complexity
moxa CWE-287
critical
10.0
2016-08-24 CVE-2016-5799 Improper Authorization vulnerability in Moxa Oncell G3001 Firmware and Oncell G3100V2 Firmware
Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and G3251 devices before 1.7 do not properly restrict authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.
network
low complexity
moxa CWE-285
critical
10.0
2011-02-18 CVE-2010-4742 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Moxa Activex SDK
Stack-based buffer overflow in a certain ActiveX control in MediaDBPlayback.DLL 2.2.0.5 in the Moxa ActiveX SDK allows remote attackers to execute arbitrary code via a long PlayFileName property value.
network
low complexity
moxa CWE-119
critical
10.0
2011-02-18 CVE-2010-4741 Buffer Errors vulnerability in Moxa Device Manager and MDM Tool
Stack-based buffer overflow in MDMUtil.dll in MDMTool.exe in MDM Tool before 2.3 in Moxa Device Manager allows remote MDM Gateways to execute arbitrary code via crafted data in a session on TCP port 54321.
network
moxa CWE-119
critical
9.3