Vulnerabilities > Moxa > High

DATE CVE VULNERABILITY TITLE RISK
2018-12-06 CVE-2018-19659 OS Command Injection vulnerability in Moxa Nport W2X50A Firmware 1.11
An exploitable authenticated command-injection vulnerability exists in the web server functionality of Moxa NPort W2x50A products with firmware before 2.2 Build_18082311.
network
low complexity
moxa CWE-78
8.8
2018-10-19 CVE-2018-18392 Unspecified vulnerability in Moxa Thingspro 2.1
Privilege Escalation via Broken Access Control in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.
network
low complexity
moxa
8.8
2018-10-19 CVE-2018-18391 Unspecified vulnerability in Moxa Thingspro 2.1
User Privilege Escalation in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.
network
low complexity
moxa
8.8
2018-10-19 CVE-2018-18390 Information Exposure vulnerability in Moxa Thingspro 2.1
User Enumeration in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.
network
low complexity
moxa CWE-200
7.5
2018-09-20 CVE-2018-16282 OS Command Injection vulnerability in Moxa Edr-810 Firmware 4.2
A command injection vulnerability in the web server functionality of Moxa EDR-810 V4.2 build 18041013 allows remote attackers to execute arbitrary OS commands with root privilege via the caname parameter to the /xml/net_WebCADELETEGetValue URI.
network
low complexity
moxa CWE-78
8.8
2018-07-24 CVE-2018-10632 Resource Exhaustion vulnerability in Moxa products
In Moxa NPort 5210, 5230, and 5232 versions 2.9 build 17030709 and prior, the amount of resources requested by a malicious actor are not restricted, allowing for a denial-of-service condition.
network
low complexity
moxa CWE-400
7.5
2018-05-14 CVE-2017-14439 Improper Input Validation vulnerability in Moxa Edr-810 Firmware 4.1
Exploitable denial of service vulnerabilities exists in the Service Agent functionality of Moxa EDR-810 V4.1 build 17030317.
network
low complexity
moxa CWE-20
7.5
2018-05-14 CVE-2017-14438 Improper Input Validation vulnerability in Moxa Edr-810 Firmware 4.1
Exploitable denial of service vulnerabilities exists in the Service Agent functionality of Moxa EDR-810 V4.1 build 17030317.
network
low complexity
moxa CWE-20
7.5
2018-05-14 CVE-2017-14437 NULL Pointer Dereference vulnerability in Moxa Edr-810 Firmware 4.1
An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317.
network
low complexity
moxa CWE-476
7.5
2018-05-14 CVE-2017-14436 NULL Pointer Dereference vulnerability in Moxa Edr-810 Firmware 4.1
An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317.
network
low complexity
moxa CWE-476
7.5