Vulnerabilities > Moxa > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-12 | CVE-2021-38460 | Path Traversal vulnerability in Moxa Mxview A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries. | 7.5 |
| 2021-09-07 | CVE-2021-39279 | OS Command Injection vulnerability in Moxa products Certain MOXA devices allow Authenticated Command Injection via /forms/web_importTFTP. | 8.8 |
| 2021-06-18 | CVE-2021-33823 | Unspecified vulnerability in Moxa Mgate Mb3180 Firmware 2.1 An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012. | 7.5 |
| 2021-06-18 | CVE-2021-33824 | Resource Exhaustion vulnerability in Moxa Mgate Mb3180 Firmware 2.1 An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012. | 7.5 |
| 2021-05-14 | CVE-2020-27185 | Cleartext Transmission of Sensitive Information vulnerability in Moxa products Cleartext transmission of sensitive information via Moxa Service in NPort IA5000A series serial devices. | 7.5 |
| 2021-05-14 | CVE-2020-27150 | Unspecified vulnerability in Moxa products In multiple versions of NPort IA5000A Series, the result of exporting a device’s configuration contains the passwords of all users on the system and other sensitive data in the original form if “Pre-shared key” doesn’t set. | 7.5 |
| 2021-05-10 | CVE-2021-25845 | NULL Pointer Dereference vulnerability in Moxa products Improper validation of the ChassisID TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows attackers to cause a denial of service due to a NULL pointer dereference via a crafted lldp packet. | 7.5 |
| 2021-05-10 | CVE-2021-25846 | Integer Underflow (Wrap or Wraparound) vulnerability in Moxa products Improper validation of the ChassisID TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows attackers to cause a denial of service due to a negative number passed to the memcpy function via a crafted lldp packet. | 7.5 |
| 2021-05-10 | CVE-2021-25849 | Integer Underflow (Wrap or Wraparound) vulnerability in Moxa products An integer underflow was discovered in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, improper validation of the PortID TLV leads to Denial of Service via a crafted lldp packet. | 7.5 |
| 2020-12-23 | CVE-2020-25198 | Session Fixation vulnerability in Moxa Nport Iaw5000A-I/O Firmware The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower has incorrectly implemented protections from session fixation, which may allow an attacker to gain access to a session and hijack it by stealing the user’s cookies. | 8.8 |