Vulnerabilities > Moxa > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-27 | CVE-2021-4161 | Cleartext Transmission of Sensitive Information vulnerability in Moxa products The affected products contain vulnerable firmware, which could allow an attacker to sniff the traffic and decrypt login credential details. | 5.0 |
| 2021-10-12 | CVE-2021-38452 | Path Traversal vulnerability in Moxa Mxview A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries. | 6.4 |
| 2021-09-07 | CVE-2021-39278 | Cross-site Scripting vulnerability in Moxa products Certain MOXA devices allow reflected XSS via the Config Import menu. | 4.3 |
| 2021-06-18 | CVE-2021-33823 | Unspecified vulnerability in Moxa Mgate Mb3180 Firmware 2.1 An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012. | 5.0 |
| 2021-06-18 | CVE-2021-33824 | Resource Exhaustion vulnerability in Moxa Mgate Mb3180 Firmware 2.1 An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012. | 5.0 |
| 2021-05-14 | CVE-2020-27184 | Cleartext Transmission of Sensitive Information vulnerability in Moxa products The NPort IA5000A Series devices use Telnet as one of the network device management services. | 5.9 |
| 2021-05-14 | CVE-2020-27149 | Unspecified vulnerability in Moxa products By exploiting a vulnerability in NPort IA5150A/IA5250A Series before version 1.5, a user with “Read Only” privilege level can send requests via the web console to have the device’s configuration changed. | 6.5 |
| 2021-05-10 | CVE-2021-25845 | NULL Pointer Dereference vulnerability in Moxa products Improper validation of the ChassisID TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows attackers to cause a denial of service due to a NULL pointer dereference via a crafted lldp packet. | 5.0 |
| 2020-12-23 | CVE-2020-25198 | Session Fixation vulnerability in Moxa Nport Iaw5000A-I/O Firmware The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower has incorrectly implemented protections from session fixation, which may allow an attacker to gain access to a session and hijack it by stealing the user’s cookies. | 6.8 |
| 2020-12-23 | CVE-2020-25196 | Improper Restriction of Excessive Authentication Attempts vulnerability in Moxa Nport Iaw5000A-I/O Firmware The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows SSH/Telnet sessions, which may be vulnerable to brute force attacks to bypass authentication. | 5.0 |