Vulnerabilities > Moxa > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-25 | CVE-2019-5141 | OS Command Injection vulnerability in Moxa Awk-3131A Firmware 1.13 An exploitable command injection vulnerability exists in the iw_webs functionality of the Moxa AWK-3131A firmware version 1.13. | 6.5 |
| 2020-02-25 | CVE-2019-5140 | OS Command Injection vulnerability in Moxa Awk-3131A Firmware 1.13 An exploitable command injection vulnerability exists in the iwwebs functionality of the Moxa AWK-3131A firmware version 1.13. | 6.5 |
| 2020-02-25 | CVE-2019-5137 | Use of Hard-coded Credentials vulnerability in Moxa Awk-3131A Firmware 1.13 The usage of hard-coded cryptographic keys within the ServiceAgent binary allows for the decryption of captured traffic across the network from or to the Moxa AWK-3131A firmware version 1.13. | 5.0 |
| 2019-10-08 | CVE-2019-10969 | Improper Input Validation vulnerability in Moxa Edr-810 Firmware 4.1/4.2/5.1 Moxa EDR 810, all versions 5.1 and prior, allows an authenticated attacker to abuse the ping feature to execute unauthorized commands on the router, which may allow an attacker to perform remote code execution. | 6.5 |
| 2019-10-08 | CVE-2019-10963 | Unspecified vulnerability in Moxa Edr-810 Firmware Moxa EDR 810, all versions 5.1 and prior, allows an unauthenticated attacker to be able to retrieve some log files from the device, which may allow sensitive information disclosure. network moxa | 4.3 |
| 2019-07-03 | CVE-2018-11421 | Cleartext Transmission of Sensitive Information vulnerability in Moxa products Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use a proprietary monitoring protocol that does not provide confidentiality, integrity, and authenticity security controls. | 5.0 |
| 2019-07-03 | CVE-2018-11427 | Cross-Site Request Forgery (CSRF) vulnerability in Moxa products CSRF tokens are not used in the web application of Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior, which makes it possible to perform CSRF attacks on the device administrator. | 6.8 |
| 2019-06-07 | CVE-2018-10703 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Moxa Awk-3121 Firmware 1.14 An issue was discovered on Moxa AWK-3121 1.14 devices. | 6.8 |
| 2019-06-07 | CVE-2018-10701 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Moxa Awk-3121 Firmware 1.14 An issue was discovered on Moxa AWK-3121 1.14 devices. | 6.8 |
| 2019-06-07 | CVE-2018-10700 | Cross-site Scripting vulnerability in Moxa Awk-3121 Firmware 1.19 An issue was discovered on Moxa AWK-3121 1.19 devices. | 4.3 |