Vulnerabilities > Moxa > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-06-01 | CVE-2016-4500 | 7PK - Security Features vulnerability in Moxa Uc-7408 Lx-Plus and Uc-7408 Lx-Plus Firmware Moxa UC-7408 LX-Plus devices allow remote authenticated users to write to the firmware, and consequently render a device unusable, by leveraging root access. | 4.9 |
| 2016-05-31 | CVE-2016-2295 | Information Exposure vulnerability in Moxa products Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and MiiNePort E3 devices with firmware 1.0 Build 11071409 allow remote attackers to obtain sensitive cleartext information by reading a configuration file. | 5.0 |
| 2016-05-31 | CVE-2016-2286 | Improper Authentication vulnerability in Moxa products Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and MiiNePort E3 devices with firmware 1.0 Build 11071409 have a blank default password, which allows remote attackers to obtain access via unspecified vectors. | 5.0 |
| 2016-05-31 | CVE-2016-2285 | Cross-Site Request Forgery (CSRF) vulnerability in Moxa products Cross-site request forgery (CSRF) vulnerability on Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and MiiNePort E3 devices with firmware 1.0 Build 11071409 allows remote attackers to hijack the authentication of arbitrary users. | 6.8 |
| 2016-05-31 | CVE-2016-0876 | Cleartext Storage of Sensitive Information vulnerability in Moxa Edr-G903 Firmware Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to discover cleartext passwords by reading a configuration file. | 5.0 |
| 2016-05-31 | CVE-2016-0875 | Information Exposure Through Log Files vulnerability in Moxa Edr-G903 Firmware Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to read configuration and log files via a crafted URL. | 5.0 |
| 2016-03-04 | CVE-2016-2283 | Credentials Management vulnerability in Moxa Ioadmin Firmware and Iologik Firmware Moxa ioLogik E2200 devices before 3.12 and ioAdmin Configuration Utility before 3.18 do not properly encrypt data, which makes it easier for remote attackers to obtain the associated cleartext via unspecified vectors. | 5.0 |
| 2016-03-04 | CVE-2016-2282 | Credentials Management vulnerability in Moxa Ioadmin Firmware and Iologik Firmware Moxa ioLogik E2200 devices before 3.12 and ioAdmin Configuration Utility before 3.18 do not properly encrypt credentials, which makes it easier for remote attackers to obtain the associated cleartext via unspecified vectors. | 5.0 |
| 2015-09-11 | CVE-2015-6466 | Cross-site Scripting vulnerability in Moxa Eds-405A Firmware and Eds-408A Firmware Cross-site scripting (XSS) vulnerability in the Diagnosis Ping feature in the administrative web interface on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote attackers to inject arbitrary web script or HTML via an unspecified field. | 4.3 |
| 2015-09-11 | CVE-2015-6465 | Unspecified vulnerability in Moxa Eds-405A Firmware and Eds-408A Firmware The GoAhead web server on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote authenticated users to cause a denial of service (reboot) via a crafted URL. | 6.8 |