Vulnerabilities > Moxa > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-05-31 | CVE-2016-0877 | Missing Release of Resource after Effective Lifetime vulnerability in Moxa Edr-G903 Firmware Memory leak on Moxa Secure Router EDR-G903 devices before 3.4.12 allows remote attackers to cause a denial of service (memory consumption) by executing the ping function. | 7.8 |
| 2015-12-21 | CVE-2015-6481 | Unspecified vulnerability in Moxa Oncell Central Manager 2.0 The login function in the RequestController class in Moxa OnCell Central Manager before 2.2 has a hardcoded root password, which allows remote attackers to obtain administrative access via a login session. | 7.5 |
| 2015-12-21 | CVE-2015-6480 | Improper Authentication vulnerability in Moxa Oncell Central Manager 2.0 The MessageBrokerServlet servlet in Moxa OnCell Central Manager before 2.2 does not require authentication, which allows remote attackers to obtain administrative access via a command, as demonstrated by the addUserAndGroup action. | 7.5 |
| 2015-09-11 | CVE-2015-6464 | Unspecified vulnerability in Moxa Eds-405A Firmware and Eds-408A Firmware The administrative web interface on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote authenticated users to bypass a read-only protection mechanism by using Firefox with a web-developer plugin. | 8.5 |
| 2015-05-26 | CVE-2015-0986 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Moxa Vport Activex SDK Plus Multiple stack-based buffer overflows in Moxa VPort ActiveX SDK Plus before 2.8 allow remote attackers to insert assembly-code lines via vectors involving a regkey (1) set or (2) get command. | 7.5 |
| 2013-08-09 | CVE-2012-3039 | Cryptographic Issues vulnerability in Moxa products Moxa OnCell Gateway G3111, G3151, G3211, and G3251 devices with firmware before 1.4 do not use a sufficient source of entropy for SSH and SSL keys, which makes it easier for remote attackers to obtain access by leveraging knowledge of a key from a product installation elsewhere. | 7.1 |
| 2013-02-15 | CVE-2012-4694 | Cryptographic Issues vulnerability in Moxa Edr-G903 and EDR G903 Firmware Moxa EDR-G903 series routers with firmware before 2.11 do not use a sufficient source of entropy for (1) SSH and (2) SSL keys, which makes it easier for man-in-the-middle attackers to spoof a device or modify a client-server data stream by leveraging knowledge of a key from a product installation elsewhere. | 7.6 |