Vulnerabilities > Moxa > High

DATE CVE VULNERABILITY TITLE RISK
2020-02-25 CVE-2019-5143 Use of Externally-Controlled Format String vulnerability in Moxa Awk-3131A Firmware 1.13
An exploitable format string vulnerability exists in the iw_console conio_writestr functionality of the Moxa AWK-3131A firmware version 1.13.
network
low complexity
moxa CWE-134
8.8
8.8
2020-02-25 CVE-2019-5142 OS Command Injection vulnerability in Moxa Awk-3131A Firmware 1.13
An exploitable command injection vulnerability exists in the hostname functionality of the Moxa AWK-3131A firmware version 1.13.
network
low complexity
moxa CWE-78
7.2
7.2
2020-02-25 CVE-2019-5141 OS Command Injection vulnerability in Moxa Awk-3131A Firmware 1.13
An exploitable command injection vulnerability exists in the iw_webs functionality of the Moxa AWK-3131A firmware version 1.13.
network
low complexity
moxa CWE-78
8.8
8.8
2020-02-25 CVE-2019-5140 OS Command Injection vulnerability in Moxa Awk-3131A Firmware 1.13
An exploitable command injection vulnerability exists in the iwwebs functionality of the Moxa AWK-3131A firmware version 1.13.
network
low complexity
moxa CWE-78
8.8
8.8
2020-02-25 CVE-2019-5139 Use of Hard-coded Credentials vulnerability in Moxa Awk-3131A Firmware 1.13
An exploitable use of hard-coded credentials vulnerability exists in multiple iw_* utilities of the Moxa AWK-3131A firmware version 1.13.
local
low complexity
moxa CWE-798
7.1
7.1
2020-02-25 CVE-2019-5137 Use of Hard-coded Credentials vulnerability in Moxa Awk-3131A Firmware 1.13
The usage of hard-coded cryptographic keys within the ServiceAgent binary allows for the decryption of captured traffic across the network from or to the Moxa AWK-3131A firmware version 1.13.
network
low complexity
moxa CWE-798
7.5
7.5
2020-02-25 CVE-2019-5136 Unspecified vulnerability in Moxa Awk-3131A Firmware 1.13
An exploitable privilege escalation vulnerability exists in the iw_console functionality of the Moxa AWK-3131A firmware version 1.13.
network
low complexity
moxa
8.8
8.8
2020-02-14 CVE-2020-8858 OS Command Injection vulnerability in Moxa products
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Moxa MGate 5105-MB-EIP firmware version 4.1.
network
low complexity
moxa CWE-78
8.8
8.8
2019-12-11 CVE-2019-19707 Unspecified vulnerability in Moxa products
On Moxa EDS-G508E, EDS-G512E, and EDS-G516E devices (with firmware through 6.0), denial of service can occur via PROFINET DCE-RPC endpoint discovery packets.
network
low complexity
moxa
7.5
7.5
2019-10-08 CVE-2019-10969 Improper Input Validation vulnerability in Moxa Edr-810 Firmware
Moxa EDR 810, all versions 5.1 and prior, allows an authenticated attacker to abuse the ping feature to execute unauthorized commands on the router, which may allow an attacker to perform remote code execution.
network
low complexity
moxa CWE-20
7.2
7.2