Filtered by vendor Moxa
Subscribe
Search
Total
248 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-8718 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2017-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable Cross-Site Request Forgery vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted form can trick a client into making an unintentional request to the web server which will be treated as an authentic request. | |||||
| CVE-2016-8712 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2017-04-20 | 4.3 MEDIUM | 8.1 HIGH |
| An exploitable nonce reuse vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless AP running firmware 1.1. The device uses one nonce for all session authentication requests and only changes the nonce if the web application has been idle for 300 seconds. | |||||
| CVE-2016-8722 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2017-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| An exploitable Information Disclosure vulnerability exists in the Web Application functionality of Moxa AWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client. Retrieving a specific URL without authentication can reveal sensitive information to an attacker. | |||||
| CVE-2016-8723 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2017-04-20 | 7.8 HIGH | 7.5 HIGH |
| An exploitable null pointer dereference exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Any HTTP GET request not preceded by an '/' will cause a segmentation fault in the web server. An attacker can send any of a multitude of potentially unexpected HTTP get requests to trigger this vulnerability. | |||||
| CVE-2016-8726 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2017-04-20 | 7.8 HIGH | 7.5 HIGH |
| An exploitable null pointer dereference vulnerability exists in the Web Application /forms/web_runScript iw_filename functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. An HTTP POST request with a blank line in the header will cause a segmentation fault in the web server. | |||||
| CVE-2016-8363 | 1 Moxa | 28 Awk-1121, Awk-1121 Firmware, Awk-1127 and 25 more | 2017-03-16 | 7.5 HIGH | 10.0 CRITICAL |
| An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2 Series, WAC-2004 Series, AWK-3121-M12-RTG Series, AWK-3131-M12-RCC Series, AWK-5232-M12-RCC Series, TAP-6226 Series, AWK-3121/4121 Series, AWK-3131/4131 Series, and AWK-5222/6222 Series. User is able to execute arbitrary OS commands on the server. | |||||
| CVE-2016-8362 | 1 Moxa | 28 Awk-1121, Awk-1121 Firmware, Awk-1127 and 25 more | 2017-03-16 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2 Series, WAC-2004 Series, AWK-3121-M12-RTG Series, AWK-3131-M12-RCC Series, AWK-5232-M12-RCC Series, TAP-6226 Series, AWK-3121/4121 Series, AWK-3131/4131 Series, and AWK-5222/6222 Series. Any user is able to download log files by accessing a specific URL. | |||||
| CVE-2016-9346 | 1 Moxa | 6 Miineport E1, Miineport E1 Firmware, Miineport E2 and 3 more | 2017-02-23 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. Configuration data are stored in a file that is not encrypted. | |||||
| CVE-2016-8346 | 1 Moxa | 3 Edr-810, Edr-810-vpn, Edr-810 Firmware | 2017-02-23 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Moxa EDR-810 Industrial Secure Router. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access configuration and log files (PRIVILEGE ESCALATION). | |||||
| CVE-2016-9344 | 1 Moxa | 6 Miineport E1, Miineport E1 Firmware, Miineport E2 and 3 more | 2017-02-23 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. An attacker may be able to brute force an active session cookie to be able to download configuration files. | |||||
| CVE-2016-9369 | 1 Moxa | 51 Nport 5100 Series Firmware, Nport 5100a Series Firmware, Nport 5110 and 48 more | 2017-02-17 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. Firmware can be updated over the network without authentication, which may allow remote code execution. | |||||
| CVE-2016-9367 | 1 Moxa | 51 Nport 5100 Series Firmware, Nport 5100a Series Firmware, Nport 5110 and 48 more | 2017-02-17 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. The amount of resources requested by a malicious actor is not restricted, leading to a denial-of-service caused by resource exhaustion. | |||||
| CVE-2016-9365 | 1 Moxa | 51 Nport 5100 Series Firmware, Nport 5100a Series Firmware, Nport 5110 and 48 more | 2017-02-17 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. Requests are not verified to be intentionally submitted by the proper user (CROSS-SITE REQUEST FORGERY). | |||||
| CVE-2016-9363 | 1 Moxa | 51 Nport 5100 Series Firmware, Nport 5100a Series Firmware, Nport 5110 and 48 more | 2017-02-17 | 7.5 HIGH | 7.3 HIGH |
| An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. Buffer overflow vulnerability may allow an unauthenticated attacker to remotely execute arbitrary code. | |||||
| CVE-2016-9361 | 1 Moxa | 51 Nport 5100 Series Firmware, Nport 5100a Series Firmware, Nport 5110 and 48 more | 2017-02-17 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. Administration passwords can be retried without authenticating. | |||||
| CVE-2016-9371 | 1 Moxa | 51 Nport 5100 Series Firmware, Nport 5100a Series Firmware, Nport 5110 and 48 more | 2017-02-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. User-controlled input is not neutralized before being output to web page (CROSS-SITE SCRIPTING). | |||||
| CVE-2016-9348 | 1 Moxa | 51 Nport 5100 Series Firmware, Nport 5100a Series Firmware, Nport 5110 and 48 more | 2017-02-17 | 2.1 LOW | 3.3 LOW |
| An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. A configuration file contains parameters that represent passwords in plaintext. | |||||
| CVE-2016-9366 | 1 Moxa | 51 Nport 5100 Series Firmware, Nport 5100a Series Firmware, Nport 5110 and 48 more | 2017-02-17 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. An attacker can freely use brute force to determine parameters needed to bypass authentication. | |||||
| CVE-2016-8360 | 1 Moxa | 1 Softcms | 2017-02-17 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. A specially crafted URL request sent to the SoftCMS ASP Webserver can cause a double free condition on the server allowing an attacker to modify memory locations and possibly cause a denial of service or the execution of arbitrary code. | |||||
| CVE-2016-9356 | 1 Moxa | 1 Dacenter | 2017-02-17 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in Moxa DACenter Versions 1.4 and older. The application may suffer from an unquoted search path issue. | |||||
| CVE-2016-9354 | 1 Moxa | 1 Dacenter | 2017-02-17 | 7.1 HIGH | 5.5 MEDIUM |
| An issue was discovered in Moxa DACenter Versions 1.4 and older. A specially crafted project file may cause the program to crash because of Uncontrolled Resource Consumption. | |||||
| CVE-2015-6465 | 1 Moxa | 4 Eds-405a, Eds-405a Firmware, Eds-408a and 1 more | 2016-12-22 | 6.8 MEDIUM | N/A |
| The GoAhead web server on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote authenticated users to cause a denial of service (reboot) via a crafted URL. | |||||
| CVE-2015-0986 | 1 Moxa | 1 Vport Activex Sdk Plus | 2016-12-08 | 7.5 HIGH | N/A |
| Multiple stack-based buffer overflows in Moxa VPort ActiveX SDK Plus before 2.8 allow remote attackers to insert assembly-code lines via vectors involving a regkey (1) set or (2) get command. | |||||
| CVE-2016-2295 | 1 Moxa | 10 Miineport E1 4641, Miineport E1 4641 Firmware, Miineport E1 7080 and 7 more | 2016-11-30 | 5.0 MEDIUM | 7.5 HIGH |
| Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and MiiNePort E3 devices with firmware 1.0 Build 11071409 allow remote attackers to obtain sensitive cleartext information by reading a configuration file. | |||||
| CVE-2016-2286 | 1 Moxa | 10 Miineport E1 4641, Miineport E1 4641 Firmware, Miineport E1 7080 and 7 more | 2016-11-30 | 5.0 MEDIUM | 7.5 HIGH |
| Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and MiiNePort E3 devices with firmware 1.0 Build 11071409 have a blank default password, which allows remote attackers to obtain access via unspecified vectors. | |||||
| CVE-2016-2285 | 1 Moxa | 10 Miineport E1 4641, Miineport E1 4641 Firmware, Miineport E1 7080 and 7 more | 2016-11-30 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability on Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and MiiNePort E3 devices with firmware 1.0 Build 11071409 allows remote attackers to hijack the authentication of arbitrary users. | |||||
| CVE-2016-5792 | 1 Moxa | 1 Softcms | 2016-11-28 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Moxa SoftCMS before 1.5 allows remote attackers to execute arbitrary SQL commands via unspecified fields. | |||||
| CVE-2016-5812 | 1 Moxa | 7 Oncell G3001 Firmware, Oncell G3100v2, Oncell G3100v2 Firmware and 4 more | 2016-11-28 | 2.1 LOW | 3.3 LOW |
| Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and G3251 devices before 1.7 use cleartext password storage, which makes it easier for local users to obtain sensitive information by reading a configuration file. | |||||
| CVE-2016-5804 | 1 Moxa | 10 Mgate Mb3170 Router, Mgate Mb3170 Router Firmware, Mgate Mb3180 Router and 7 more | 2016-11-28 | 5.0 MEDIUM | 9.8 CRITICAL |
| Moxa MGate MB3180 before 1.8, MGate MB3280 before 2.7, MGate MB3480 before 2.6, MGate MB3170 before 2.5, and MGate MB3270 before 2.7 use weak encryption, which allows remote attackers to bypass authentication via a brute-force series of guesses for a parameter value. | |||||
| CVE-2016-5799 | 1 Moxa | 7 Oncell G3001 Firmware, Oncell G3100v2, Oncell G3100v2 Firmware and 4 more | 2016-11-28 | 10.0 HIGH | 9.8 CRITICAL |
| Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and G3251 devices before 1.7 do not properly restrict authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack. | |||||
| CVE-2016-5793 | 1 Moxa | 1 Active Opc Server | 2016-11-28 | 7.2 HIGH | 8.8 HIGH |
| Unquoted Windows search path vulnerability in Moxa Active OPC Server before 2.4.19 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory. | |||||
| CVE-2015-1000 | 1 Moxa | 1 Softcms | 2016-11-28 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in the OpenForIPCamTest method in the RTSPVIDEO.rtspvideoCtrl.1 (aka SStreamVideo) ActiveX control in Moxa SoftCMS before 1.3 allows remote attackers to execute arbitrary code via the StrRtspPath parameter. | |||||
| CVE-2016-0879 | 1 Moxa | 2 Edr-g903, Edr G903 Firmware | 2016-06-02 | 7.8 HIGH | 7.5 HIGH |
| Moxa Secure Router EDR-G903 devices before 3.4.12 do not delete copies of configuration and log files after completing the import function, which allows remote attackers to obtain sensitive information by requesting these files at an unspecified URL. | |||||
| CVE-2016-4500 | 1 Moxa | 2 Uc-7408 Lx-plus, Uc-7408 Lx-plus Firmware | 2016-06-01 | 4.9 MEDIUM | 5.8 MEDIUM |
| Moxa UC-7408 LX-Plus devices allow remote authenticated users to write to the firmware, and consequently render a device unusable, by leveraging root access. | |||||
| CVE-2016-0876 | 1 Moxa | 2 Edr-g903, Edr G903 Firmware | 2016-06-01 | 5.0 MEDIUM | 7.5 HIGH |
| Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to discover cleartext passwords by reading a configuration file. | |||||
| CVE-2016-0877 | 1 Moxa | 2 Edr-g903, Edr G903 Firmware | 2016-05-31 | 7.8 HIGH | 7.5 HIGH |
| Memory leak on Moxa Secure Router EDR-G903 devices before 3.4.12 allows remote attackers to cause a denial of service (memory consumption) by executing the ping function. | |||||
| CVE-2016-0875 | 1 Moxa | 2 Edr-g903, Edr G903 Firmware | 2016-05-31 | 5.0 MEDIUM | 7.5 HIGH |
| Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to read configuration and log files via a crafted URL. | |||||
| CVE-2016-0878 | 1 Moxa | 2 Edr-g903, Edr G903 Firmware | 2016-05-31 | 7.8 HIGH | 7.5 HIGH |
| Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to cause a denial of service (cold start) by sending two crafted ping requests. | |||||
| CVE-2016-2283 | 1 Moxa | 16 Ioadmin Firmware, Iologic E2210, Iologic E2210-t and 13 more | 2016-03-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| Moxa ioLogik E2200 devices before 3.12 and ioAdmin Configuration Utility before 3.18 do not properly encrypt data, which makes it easier for remote attackers to obtain the associated cleartext via unspecified vectors. | |||||
| CVE-2015-6481 | 1 Moxa | 1 Oncell Central Manager | 2015-12-22 | 7.5 HIGH | 8.3 HIGH |
| The login function in the RequestController class in Moxa OnCell Central Manager before 2.2 has a hardcoded root password, which allows remote attackers to obtain administrative access via a login session. | |||||
| CVE-2015-6480 | 1 Moxa | 1 Oncell Central Manager | 2015-12-21 | 7.5 HIGH | 8.3 HIGH |
| The MessageBrokerServlet servlet in Moxa OnCell Central Manager before 2.2 does not require authentication, which allows remote attackers to obtain administrative access via a command, as demonstrated by the addUserAndGroup action. | |||||
| CVE-2015-6466 | 1 Moxa | 4 Eds-405a, Eds-405a Firmware, Eds-408a and 1 more | 2015-09-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Diagnosis Ping feature in the administrative web interface on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote attackers to inject arbitrary web script or HTML via an unspecified field. | |||||
| CVE-2015-6464 | 1 Moxa | 4 Eds-405a, Eds-405a Firmware, Eds-408a and 1 more | 2015-09-14 | 8.5 HIGH | N/A |
| The administrative web interface on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote authenticated users to bypass a read-only protection mechanism by using Firefox with a web-developer plugin. | |||||
| CVE-2012-3039 | 1 Moxa | 5 Oncell Gateway Firmware, Oncell Gateway G3111, Oncell Gateway G3151 and 2 more | 2013-08-12 | 7.1 HIGH | N/A |
| Moxa OnCell Gateway G3111, G3151, G3211, and G3251 devices with firmware before 1.4 do not use a sufficient source of entropy for SSH and SSL keys, which makes it easier for remote attackers to obtain access by leveraging knowledge of a key from a product installation elsewhere. | |||||
| CVE-2012-4712 | 1 Moxa | 2 Edr-g903, Edr G903 Firmware | 2013-02-15 | 5.0 MEDIUM | N/A |
| Moxa EDR-G903 series routers with firmware before 2.11 have a hardcoded account, which allows remote attackers to obtain unspecified device access via unknown vectors. | |||||
| CVE-2012-4694 | 1 Moxa | 2 Edr-g903, Edr G903 Firmware | 2013-02-15 | 7.6 HIGH | N/A |
| Moxa EDR-G903 series routers with firmware before 2.11 do not use a sufficient source of entropy for (1) SSH and (2) SSL keys, which makes it easier for man-in-the-middle attackers to spoof a device or modify a client-server data stream by leveraging knowledge of a key from a product installation elsewhere. | |||||
| CVE-2010-4741 | 1 Moxa | 2 Device Manager, Mdm Tool | 2011-04-26 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in MDMUtil.dll in MDMTool.exe in MDM Tool before 2.3 in Moxa Device Manager allows remote MDM Gateways to execute arbitrary code via crafted data in a session on TCP port 54321. | |||||
| CVE-2010-4742 | 1 Moxa | 1 Activex Sdk | 2011-04-26 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in a certain ActiveX control in MediaDBPlayback.DLL 2.2.0.5 in the Moxa ActiveX SDK allows remote attackers to execute arbitrary code via a long PlayFileName property value. | |||||