Vulnerabilities > Moxa > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-14 | CVE-2021-40392 | Cleartext Transmission of Sensitive Information vulnerability in Moxa Mxview 3.2.4 An information disclosure vulnerability exists in the Web Application functionality of Moxa MXView Series 3.2.4. | 5.0 |
| 2022-04-01 | CVE-2021-32968 | Classic Buffer Overflow vulnerability in Moxa products Two buffer overflows in the built-in web server in Moxa NPort IAW5000A-I/O Series firmware version 2.2 or earlier may allow a remote attacker to cause a denial-of-service condition. | 5.0 |
| 2021-12-27 | CVE-2021-4161 | Cleartext Transmission of Sensitive Information vulnerability in Moxa products The affected products contain vulnerable firmware, which could allow an attacker to sniff the traffic and decrypt login credential details. | 5.0 |
| 2021-10-12 | CVE-2021-38452 | Path Traversal vulnerability in Moxa Mxview A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries. | 6.4 |
| 2021-09-07 | CVE-2021-39278 | Cross-site Scripting vulnerability in Moxa products Certain MOXA devices allow reflected XSS via the Config Import menu. | 4.3 |
| 2021-06-18 | CVE-2021-33823 | Unspecified vulnerability in Moxa Mgate Mb3180 Firmware 2.1 An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012. | 5.0 |
| 2021-06-18 | CVE-2021-33824 | Resource Exhaustion vulnerability in Moxa Mgate Mb3180 Firmware 2.1 An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012. | 5.0 |
| 2021-05-14 | CVE-2020-27184 | Cleartext Transmission of Sensitive Information vulnerability in Moxa products The NPort IA5000A Series devices use Telnet as one of the network device management services. | 5.9 |
| 2021-05-14 | CVE-2020-27149 | Unspecified vulnerability in Moxa products By exploiting a vulnerability in NPort IA5150A/IA5250A Series before version 1.5, a user with “Read Only” privilege level can send requests via the web console to have the device’s configuration changed. | 6.5 |
| 2021-05-10 | CVE-2021-25845 | NULL Pointer Dereference vulnerability in Moxa products Improper validation of the ChassisID TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows attackers to cause a denial of service due to a NULL pointer dereference via a crafted lldp packet. | 5.0 |