Vulnerabilities > Moxa > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-23 | CVE-2020-25194 | Improper Privilege Management vulnerability in Moxa Nport Iaw5000A-I/O Firmware The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower has improper privilege management, which may allow an attacker with user privileges to perform requests with administrative privileges. | 6.5 |
| 2020-12-23 | CVE-2020-25192 | Information Exposure vulnerability in Moxa Nport Iaw5000A-I/O Firmware The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows sensitive information to be displayed without proper authorization. | 5.0 |
| 2020-12-23 | CVE-2020-25190 | Cleartext Transmission of Sensitive Information vulnerability in Moxa Nport Iaw5000A-I/O Firmware The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower stores and transmits the credentials of third-party services in cleartext. | 5.0 |
| 2020-12-23 | CVE-2020-25153 | Weak Password Requirements vulnerability in Moxa Nport Iaw5000A-I/O Firmware The built-in web service for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower does not require users to have strong passwords. | 5.0 |
| 2020-05-01 | CVE-2020-12117 | Missing Authentication for Critical Function vulnerability in Moxa Nport 5100A Firmware 1.5 Moxa Service in Moxa NPort 5150A firmware version 1.5 and earlier allows attackers to obtain sensitive configuration values via a crafted packet to UDP port 4800. | 5.0 |
| 2020-03-26 | CVE-2020-6999 | Classic Buffer Overflow vulnerability in Moxa Mds-G516E Firmware 5.2 In Moxa EDS-G516E Series firmware, Version 5.2 or lower, some of the parameters in the setting pages do not ensure text is the correct size for its buffer. | 4.0 |
| 2020-03-24 | CVE-2020-7001 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Moxa Eds-510E Firmware and Eds-G516E Firmware In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected products use a weak cryptographic algorithm, which may allow confidential information to be disclosed. | 5.0 |
| 2020-03-24 | CVE-2020-6997 | Cleartext Transmission of Sensitive Information vulnerability in Moxa Eds-510E Firmware and Eds-G516E Firmware In Moxa EDS-G516E Series firmware, Version 5.2 or lower, sensitive information is transmitted over some web applications in cleartext. | 5.0 |
| 2020-03-24 | CVE-2020-6991 | Weak Password Requirements vulnerability in Moxa Eds-510E Firmware and Eds-G516E Firmware In Moxa EDS-G516E Series firmware, Version 5.2 or lower, weak password requirements may allow an attacker to gain access using brute force. | 5.0 |
| 2020-03-24 | CVE-2020-6979 | Use of Hard-coded Credentials vulnerability in Moxa Eds-510E Firmware and Eds-G516E Firmware In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected products use a hard-coded cryptographic key, increasing the possibility that confidential data can be recovered. | 5.0 |