Vulnerabilities > Moxa > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-23 | CVE-2020-25194 | Improper Privilege Management vulnerability in Moxa Nport Iaw5000A-I/O Firmware The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower has improper privilege management, which may allow an attacker with user privileges to perform requests with administrative privileges. | 8.8 |
| 2020-12-23 | CVE-2020-25153 | Weak Password Requirements vulnerability in Moxa Nport Iaw5000A-I/O Firmware The built-in web service for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower does not require users to have strong passwords. | 7.5 |
| 2020-11-05 | CVE-2020-13537 | Incorrect Default Permissions vulnerability in Moxa Mxview 3.1.8 An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. | 7.8 |
| 2020-11-05 | CVE-2020-13536 | Incorrect Default Permissions vulnerability in Moxa Mxview 3.1.8 An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. | 7.8 |
| 2020-03-24 | CVE-2020-7001 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Moxa Eds-510E Firmware and Eds-G516E Firmware In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected products use a weak cryptographic algorithm, which may allow confidential information to be disclosed. | 7.5 |
| 2020-03-24 | CVE-2020-6997 | Cleartext Transmission of Sensitive Information vulnerability in Moxa Eds-510E Firmware and Eds-G516E Firmware In Moxa EDS-G516E Series firmware, Version 5.2 or lower, sensitive information is transmitted over some web applications in cleartext. | 7.5 |
| 2020-03-24 | CVE-2020-6979 | Use of Hard-coded Credentials vulnerability in Moxa Eds-510E Firmware and Eds-G516E Firmware In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected products use a hard-coded cryptographic key, increasing the possibility that confidential data can be recovered. | 7.5 |
| 2020-03-24 | CVE-2020-6993 | Information Exposure vulnerability in Moxa products In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, an attacker can gain access to sensitive information from the web service without authorization. | 7.5 |
| 2020-03-24 | CVE-2020-6987 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Moxa products In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the affected products use a weak cryptographic algorithm, which may allow confidential information to be disclosed. | 7.5 |
| 2020-03-24 | CVE-2020-6983 | Use of Hard-coded Credentials vulnerability in Moxa products In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the affected products use a hard-coded cryptographic key, which increases the possibility that confidential data can be recovered. | 7.5 |