Vulnerabilities > Moxa > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-12-23 CVE-2020-25198 Session Fixation vulnerability in Moxa Nport Iaw5000A-I/O Firmware
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower has incorrectly implemented protections from session fixation, which may allow an attacker to gain access to a session and hijack it by stealing the user’s cookies.
network
moxa CWE-384
6.8
2020-12-23 CVE-2020-25196 Improper Restriction of Excessive Authentication Attempts vulnerability in Moxa Nport Iaw5000A-I/O Firmware
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows SSH/Telnet sessions, which may be vulnerable to brute force attacks to bypass authentication.
network
low complexity
moxa CWE-307
5.0
2020-12-23 CVE-2020-25194 Improper Privilege Management vulnerability in Moxa Nport Iaw5000A-I/O Firmware
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower has improper privilege management, which may allow an attacker with user privileges to perform requests with administrative privileges.
network
low complexity
moxa CWE-269
6.5
2020-12-23 CVE-2020-25192 Information Exposure vulnerability in Moxa Nport Iaw5000A-I/O Firmware
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows sensitive information to be displayed without proper authorization.
network
low complexity
moxa CWE-200
5.0
2020-12-23 CVE-2020-25190 Cleartext Transmission of Sensitive Information vulnerability in Moxa Nport Iaw5000A-I/O Firmware
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower stores and transmits the credentials of third-party services in cleartext.
network
low complexity
moxa CWE-319
5.0
2020-12-23 CVE-2020-25153 Weak Password Requirements vulnerability in Moxa Nport Iaw5000A-I/O Firmware
The built-in web service for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower does not require users to have strong passwords.
network
low complexity
moxa CWE-521
5.0
2020-05-01 CVE-2020-12117 Missing Authentication for Critical Function vulnerability in Moxa Nport 5100A Firmware 1.5
Moxa Service in Moxa NPort 5150A firmware version 1.5 and earlier allows attackers to obtain sensitive configuration values via a crafted packet to UDP port 4800.
network
low complexity
moxa CWE-306
5.0
2020-03-26 CVE-2020-6999 Classic Buffer Overflow vulnerability in Moxa Mds-G516E Firmware 5.2
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, some of the parameters in the setting pages do not ensure text is the correct size for its buffer.
network
low complexity
moxa CWE-120
4.0
2020-03-24 CVE-2020-7001 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Moxa Eds-510E Firmware and Eds-G516E Firmware
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected products use a weak cryptographic algorithm, which may allow confidential information to be disclosed.
network
low complexity
moxa CWE-327
5.0
2020-03-24 CVE-2020-6997 Cleartext Transmission of Sensitive Information vulnerability in Moxa Eds-510E Firmware and Eds-G516E Firmware
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, sensitive information is transmitted over some web applications in cleartext.
network
low complexity
moxa CWE-319
5.0