Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Moxa Subscribe
Filtered by product Edr G903 Firmware

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-0879 1 Moxa 2 Edr-g903, Edr G903 Firmware 2016-06-02 7.8 HIGH 7.5 HIGH
Moxa Secure Router EDR-G903 devices before 3.4.12 do not delete copies of configuration and log files after completing the import function, which allows remote attackers to obtain sensitive information by requesting these files at an unspecified URL.
CVE-2016-0876 1 Moxa 2 Edr-g903, Edr G903 Firmware 2016-06-01 5.0 MEDIUM 7.5 HIGH
Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to discover cleartext passwords by reading a configuration file.
CVE-2016-0877 1 Moxa 2 Edr-g903, Edr G903 Firmware 2016-05-31 7.8 HIGH 7.5 HIGH
Memory leak on Moxa Secure Router EDR-G903 devices before 3.4.12 allows remote attackers to cause a denial of service (memory consumption) by executing the ping function.
CVE-2016-0875 1 Moxa 2 Edr-g903, Edr G903 Firmware 2016-05-31 5.0 MEDIUM 7.5 HIGH
Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to read configuration and log files via a crafted URL.
CVE-2016-0878 1 Moxa 2 Edr-g903, Edr G903 Firmware 2016-05-31 7.8 HIGH 7.5 HIGH
Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to cause a denial of service (cold start) by sending two crafted ping requests.
CVE-2012-4694 1 Moxa 2 Edr-g903, Edr G903 Firmware 2013-02-15 7.6 HIGH N/A
Moxa EDR-G903 series routers with firmware before 2.11 do not use a sufficient source of entropy for (1) SSH and (2) SSL keys, which makes it easier for man-in-the-middle attackers to spoof a device or modify a client-server data stream by leveraging knowledge of a key from a product installation elsewhere.
CVE-2012-4712 1 Moxa 2 Edr-g903, Edr G903 Firmware 2013-02-15 5.0 MEDIUM N/A
Moxa EDR-G903 series routers with firmware before 2.11 have a hardcoded account, which allows remote attackers to obtain unspecified device access via unknown vectors.