Vulnerabilities > Moxa > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-03-24 CVE-2020-6991 Weak Password Requirements vulnerability in Moxa Eds-510E Firmware and Eds-G516E Firmware
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, weak password requirements may allow an attacker to gain access using brute force.
network
low complexity
moxa CWE-521
5.0
2020-03-24 CVE-2020-6979 Use of Hard-coded Credentials vulnerability in Moxa Eds-510E Firmware and Eds-G516E Firmware
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected products use a hard-coded cryptographic key, increasing the possibility that confidential data can be recovered.
network
low complexity
moxa CWE-798
5.0
2020-03-24 CVE-2020-6993 Information Exposure vulnerability in Moxa products
In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, an attacker can gain access to sensitive information from the web service without authorization.
network
low complexity
moxa CWE-200
5.0
2020-03-24 CVE-2020-6987 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Moxa products
In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the affected products use a weak cryptographic algorithm, which may allow confidential information to be disclosed.
network
low complexity
moxa CWE-327
5.0
2020-03-24 CVE-2020-6983 Use of Hard-coded Credentials vulnerability in Moxa products
In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the affected products use a hard-coded cryptographic key, which increases the possibility that confidential data can be recovered.
network
low complexity
moxa CWE-798
5.0
2020-03-24 CVE-2020-7003 Cleartext Transmission of Sensitive Information vulnerability in Moxa products
In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, sensitive information is transmitted over some web applications in clear text.
network
low complexity
moxa CWE-319
5.0
2020-03-24 CVE-2019-18242 Unspecified vulnerability in Moxa products
In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, frequent and multiple requests for short-term use may cause the web server to fail.
network
low complexity
moxa
5.0
2020-03-11 CVE-2019-9104 Insufficiently Protected Credentials vulnerability in Moxa products
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1.
network
low complexity
moxa CWE-522
5.0
2020-03-11 CVE-2019-9103 Information Exposure vulnerability in Moxa products
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1.
network
low complexity
moxa CWE-200
5.0
2020-03-11 CVE-2019-9102 Cross-Site Request Forgery (CSRF) vulnerability in Moxa products
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1.
network
moxa CWE-352
6.8