Vulnerabilities > Moxa > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-02-13 | CVE-2016-9361 | Improper Authentication vulnerability in Moxa products An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. | 9.8 |
| 2017-02-13 | CVE-2016-9333 | SQL Injection vulnerability in Moxa Softcms An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. | 9.8 |
| 2017-02-13 | CVE-2016-8363 | Permissions, Privileges, and Access Controls vulnerability in Moxa products An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2 Series, WAC-2004 Series, AWK-3121-M12-RTG Series, AWK-3131-M12-RCC Series, AWK-5232-M12-RCC Series, TAP-6226 Series, AWK-3121/4121 Series, AWK-3131/4131 Series, and AWK-5222/6222 Series. | 10.0 |
| 2016-08-24 | CVE-2016-5799 | Improper Authorization vulnerability in Moxa Oncell G3001 Firmware and Oncell G3100V2 Firmware Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and G3251 devices before 1.7 do not properly restrict authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack. | 9.8 |
| 2016-08-08 | CVE-2016-5792 | SQL Injection vulnerability in Moxa Softcms 1.2/1.3/1.4 SQL injection vulnerability in Moxa SoftCMS before 1.5 allows remote attackers to execute arbitrary SQL commands via unspecified fields. | 9.8 |
| 2016-07-15 | CVE-2016-5804 | Inadequate Encryption Strength vulnerability in Moxa products Moxa MGate MB3180 before 1.8, MGate MB3280 before 2.7, MGate MB3480 before 2.6, MGate MB3170 before 2.5, and MGate MB3270 before 2.7 use weak encryption, which allows remote attackers to bypass authentication via a brute-force series of guesses for a parameter value. | 9.8 |
| 2016-07-12 | CVE-2016-4503 | Improper Authentication vulnerability in Moxa Device Server web Console 5232-N Firmware Moxa Device Server Web Console 5232-N allows remote attackers to bypass authentication, and consequently modify settings and data, via vectors related to reading a cookie parameter containing a UserId value. | 9.8 |