Vulnerabilities > Moxa > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-04-14 CVE-2021-40392 Cleartext Transmission of Sensitive Information vulnerability in Moxa Mxview 3.2.4
An information disclosure vulnerability exists in the Web Application functionality of Moxa MXView Series 3.2.4.
network
low complexity
moxa CWE-319
5.0
2022-04-01 CVE-2021-32968 Classic Buffer Overflow vulnerability in Moxa products
Two buffer overflows in the built-in web server in Moxa NPort IAW5000A-I/O Series firmware version 2.2 or earlier may allow a remote attacker to cause a denial-of-service condition.
network
low complexity
moxa CWE-120
5.0
2021-12-27 CVE-2021-4161 Cleartext Transmission of Sensitive Information vulnerability in Moxa products
The affected products contain vulnerable firmware, which could allow an attacker to sniff the traffic and decrypt login credential details.
network
low complexity
moxa CWE-319
5.0
2021-10-12 CVE-2021-38452 Path Traversal vulnerability in Moxa Mxview
A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries.
network
low complexity
moxa CWE-22
6.4
2021-09-07 CVE-2021-39278 Cross-site Scripting vulnerability in Moxa products
Certain MOXA devices allow reflected XSS via the Config Import menu.
network
moxa CWE-79
4.3
2021-06-18 CVE-2021-33823 Unspecified vulnerability in Moxa Mgate Mb3180 Firmware 2.1
An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012.
network
low complexity
moxa
5.0
2021-06-18 CVE-2021-33824 Resource Exhaustion vulnerability in Moxa Mgate Mb3180 Firmware 2.1
An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012.
network
low complexity
moxa CWE-400
5.0
2021-05-14 CVE-2020-27184 Cleartext Transmission of Sensitive Information vulnerability in Moxa products
The NPort IA5000A Series devices use Telnet as one of the network device management services.
network
high complexity
moxa CWE-319
5.9
2021-05-14 CVE-2020-27149 Unspecified vulnerability in Moxa products
By exploiting a vulnerability in NPort IA5150A/IA5250A Series before version 1.5, a user with “Read Only” privilege level can send requests via the web console to have the device’s configuration changed.
network
low complexity
moxa
6.5
2021-05-10 CVE-2021-25845 NULL Pointer Dereference vulnerability in Moxa products
Improper validation of the ChassisID TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows attackers to cause a denial of service due to a NULL pointer dereference via a crafted lldp packet.
network
low complexity
moxa CWE-476
5.0