Vulnerabilities > Moxa > High

DATE CVE VULNERABILITY TITLE RISK
2021-05-10 CVE-2021-25846 Integer Underflow (Wrap or Wraparound) vulnerability in Moxa products
Improper validation of the ChassisID TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows attackers to cause a denial of service due to a negative number passed to the memcpy function via a crafted lldp packet.
network
low complexity
moxa CWE-191
7.8
2021-05-10 CVE-2021-25847 Out-of-bounds Read vulnerability in Moxa products
Improper validation of the length field of LLDP-MED TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows information disclosure to attackers due to controllable loop counter variable via a crafted lldp packet.
network
low complexity
moxa CWE-125
8.5
2021-05-10 CVE-2021-25848 Out-of-bounds Read vulnerability in Moxa products
Improper validation of the length field of LLDP-MED TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows information disclosure to attackers due to using fixed loop counter variable without checking the actual available length via a crafted lldp packet.
network
low complexity
moxa CWE-125
8.5
2021-05-10 CVE-2021-25849 Integer Underflow (Wrap or Wraparound) vulnerability in Moxa products
An integer underflow was discovered in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, improper validation of the PortID TLV leads to Denial of Service via a crafted lldp packet.
network
low complexity
moxa CWE-191
7.8
2021-02-03 CVE-2020-28144 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Moxa products
Certain Moxa Inc products are affected by an improper restriction of operations in EDR-G903 Series Firmware Version 5.5 or lower, EDR-G902 Series Firmware Version 5.5 or lower, and EDR-810 Series Firmware Version 5.6 or lower.
network
low complexity
moxa CWE-119
7.5
2020-11-05 CVE-2020-13537 Incorrect Default Permissions vulnerability in Moxa Mxview 3.1.8
An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation.
local
low complexity
moxa CWE-276
7.2
2020-11-05 CVE-2020-13536 Incorrect Default Permissions vulnerability in Moxa Mxview 3.1.8
An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation.
local
low complexity
moxa CWE-276
7.2
2020-07-15 CVE-2020-14511 Out-of-bounds Write vulnerability in Moxa products
Malicious operation of the crafted web browser cookie may cause a stack-based buffer overflow in the system web server on the EDR-G902 and EDR-G903 Series Routers (versions prior to 5.4).
network
low complexity
moxa CWE-787
7.5
2020-03-24 CVE-2020-6995 Weak Password Requirements vulnerability in Moxa products
In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the application utilizes weak password requirements, which may allow an attacker to gain unauthorized access.
network
low complexity
moxa CWE-521
7.5
2020-03-24 CVE-2020-6989 Out-of-bounds Write vulnerability in Moxa products
In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, a buffer overflow in the web server allows remote attackers to cause a denial-of-service condition or execute arbitrary code.
network
low complexity
moxa CWE-787
7.5