Vulnerabilities > Moxa > High

DATE CVE VULNERABILITY TITLE RISK
2016-05-31 CVE-2016-0877 Missing Release of Resource after Effective Lifetime vulnerability in Moxa Edr-G903 Firmware
Memory leak on Moxa Secure Router EDR-G903 devices before 3.4.12 allows remote attackers to cause a denial of service (memory consumption) by executing the ping function.
network
low complexity
moxa CWE-772
7.8
2015-12-21 CVE-2015-6481 Unspecified vulnerability in Moxa Oncell Central Manager 2.0
The login function in the RequestController class in Moxa OnCell Central Manager before 2.2 has a hardcoded root password, which allows remote attackers to obtain administrative access via a login session.
network
low complexity
moxa
7.5
2015-12-21 CVE-2015-6480 Improper Authentication vulnerability in Moxa Oncell Central Manager 2.0
The MessageBrokerServlet servlet in Moxa OnCell Central Manager before 2.2 does not require authentication, which allows remote attackers to obtain administrative access via a command, as demonstrated by the addUserAndGroup action.
network
low complexity
moxa CWE-287
7.5
2015-09-11 CVE-2015-6464 Unspecified vulnerability in Moxa Eds-405A Firmware and Eds-408A Firmware
The administrative web interface on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote authenticated users to bypass a read-only protection mechanism by using Firefox with a web-developer plugin.
network
low complexity
moxa
8.5
2015-05-26 CVE-2015-0986 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Moxa Vport Activex SDK Plus
Multiple stack-based buffer overflows in Moxa VPort ActiveX SDK Plus before 2.8 allow remote attackers to insert assembly-code lines via vectors involving a regkey (1) set or (2) get command.
network
low complexity
moxa CWE-119
7.5
2013-08-09 CVE-2012-3039 Cryptographic Issues vulnerability in Moxa products
Moxa OnCell Gateway G3111, G3151, G3211, and G3251 devices with firmware before 1.4 do not use a sufficient source of entropy for SSH and SSL keys, which makes it easier for remote attackers to obtain access by leveraging knowledge of a key from a product installation elsewhere.
network
high complexity
moxa CWE-310
7.1
2013-02-15 CVE-2012-4694 Cryptographic Issues vulnerability in Moxa Edr-G903 and EDR G903 Firmware
Moxa EDR-G903 series routers with firmware before 2.11 do not use a sufficient source of entropy for (1) SSH and (2) SSL keys, which makes it easier for man-in-the-middle attackers to spoof a device or modify a client-server data stream by leveraging knowledge of a key from a product installation elsewhere.
network
high complexity
moxa CWE-310
7.6