A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries.
An exploitable OS Command Injection vulnerability exists in the Telnet, SSH, and console login functionality of Moxa AWK-3131A Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client in firmware versions 1.4 to 1.7 (current). An attacker can inject commands via the username parameter of several services (SSH, Telnet, console), resulting in remote, unauthenticated, root-level operating system command execution.
An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2 Series, WAC-2004 Series, AWK-3121-M12-RTG Series, AWK-3131-M12-RCC Series, AWK-5232-M12-RCC Series, TAP-6226 Series, AWK-3121/4121 Series, AWK-3131/4131 Series, and AWK-5222/6222 Series. User is able to execute arbitrary OS commands on the server.
An exploitable command injection vulnerability exists in encrypted diagnostic script functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file can cause arbitrary busybox commands to be executed, resulting in remote control over the device. An attacker can send diagnostic while authenticated as a low privilege user to trigger this vulnerability.
Moxa’s cellular routers, secure routers, and network security appliances are affected by a critical vulnerability, CVE-2024-9140. This vulnerability allows OS command injection due to improperly restricted commands, potentially enabling attackers to execute arbitrary code. This poses a significant risk to the system’s security and functionality.
Moxa MiiNePort E1 has a vulnerability of insufficient access control. An unauthenticated remote user can exploit this vulnerability to perform arbitrary system operation or disrupt service.
An authentication bypass vulnerability exists in the Web Application functionality of Moxa MXView Series 3.2.4. A specially-crafted HTTP request can lead to unauthorized access. An attacker can send an HTTP request to trigger this vulnerability.
Five buffer overflows in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier may allow a remote attacker to initiate a denial-of-service attack and execute arbitrary code.
Improper input validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier may allow a remote attacker to execute commands.
The firmware on Moxa TN-5900 devices through 3.1 allows command injection that could lead to device damage.
A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries.
A use of hard-coded password vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to gain access through accounts using default passwords
Certain Moxa Inc products are affected by an improper restriction of operations in EDR-G903 Series Firmware Version 5.5 or lower, EDR-G902 Series Firmware Version 5.5 or lower, and EDR-810 Series Firmware Version 5.6 or lower. Crafted requests sent to the device may allow remote arbitrary code execution.
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows SSH/Telnet sessions, which may be vulnerable to brute force attacks to bypass authentication.
The built-in web service for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower does not require users to have strong passwords.
A command injection vulnerability exists in Moxa Inc VPort 461 Series Firmware Version 3.4 or lower that could allow a remote attacker to execute arbitrary commands in Moxa's VPort 461 Series Industrial Video Servers.
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the attacker may execute arbitrary codes or target the device, causing it to go out of service.
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, weak password requirements may allow an attacker to gain access using brute force.
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, an attacker may gain access to the system without proper authentication.
In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the application utilizes weak password requirements, which may allow an attacker to gain unauthorized access.
In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, these devices use a hard-coded service code for access to the console.
In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, a buffer overflow in the web server allows remote attackers to cause a denial-of-service condition or execute arbitrary code.
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. A Buffer overflow in the built-in web server allows remote attackers to initiate DoS, and probably to execute arbitrary code (issue 1 of 2).
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. Insufficient password requirements for the MGate web application may allow an attacker to gain access by brute-forcing account passwords.
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. An attacker may be able to intercept weakly encrypted passwords and gain administrative access.
Memory corruption issue was discovered in Moxa OnCell G3470A-LTE Series version 1.6 Build 18021314 and prior, a different vulnerability than CVE-2018-11424.
Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use a proprietary configuration protocol that does not provide confidentiality, integrity, and authenticity security controls. All information is sent in plain text, and can be intercepted and modified. Any commands (including device reboot, configuration download or upload, or firmware upgrade) are accepted and executed by the device without authentication.
Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use a proprietary monitoring protocol that does not provide confidentiality, integrity, and authenticity security controls. All information is sent in plain text, and can be intercepted and modified. The protocol is vulnerable to remote unauthenticated disclosure of sensitive information, including the administrator's password. Under certain conditions, it's also possible to retrieve additional information, such as content of HTTP requests to the device, or the previously used password, due to memory leakages.
There is Memory corruption in the web interface of Moxa OnCell G3100-HSPA Series version 1.5 Build 17042015 and prio,r a different vulnerability than CVE-2018-11423.
A weak Cookie parameter is used in the web application of Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. An attacker can brute force parameters required to bypass authentication and access the web interface to use all its functions except for password change.
An issue was discovered on Moxa AWK-3121 1.14 devices. The device enables an unencrypted TELNET service by default. This allows an attacker who has been able to gain an MITM position to easily sniff the traffic between the device and the user. Also an attacker can easily connect to the TELNET daemon using the default credentials if they have not been changed by the user.
Moxa IKS-G6824A series Versions 4.5 and prior, EDS-405A series Version 3.8 and prior, EDS-408A series Version 3.8 and prior, and EDS-510A series Version 3.8 and prior use plaintext transmission of sensitive data, which may allow an attacker to capture sensitive data such as an administrative password.
Moxa IKS and EDS generate a predictable cookie calculated with an MD5 hash, allowing an attacker to capture the administrator's password, which could lead to a full compromise of the device.
Several buffer overflow vulnerabilities have been identified in Moxa IKS and EDS, which may allow remote code execution.
Moxa IKS and EDS do not implement sufficient measures to prevent multiple failed authentication attempts, which may allow an attacker to discover passwords via brute force attack.
Remote Code Execution in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.
Hidden Token Access in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.
Sensitive Information Stored in Clear Text in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.
Password Management Issue in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.
An exploitable Use of Hard-coded Credentials vulnerability exists in the Moxa AWK-3131A Wireless Access Point running firmware 1.1. The device operating system contains an undocumented, privileged (root) account with hard-coded credentials, giving attackers full control of affected devices.
A Reliance on Cookies without Validation and Integrity Checking issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. The application allows a cookie parameter to consist of only digits, allowing an attacker to perform a brute force attack bypassing authentication and gaining access to device functions.
A SQL Injection issue was discovered in Moxa SoftCMS Live Viewer through 1.6. An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability has been identified. Attackers can exploit this vulnerability to access SoftCMS without knowing the user's password.
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The backup file contains sensitive information in a insecure way. There is no salt for password hashing. Indeed passwords are stored without being ciphered with a timestamped ciphering method.
An Improper Restriction of Excessive Authentication Attempts issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell 5104-HSDPA, OnCell 5104-HSPA, and OnCell 5004-HSPA. An attacker can freely use brute force to determine parameters needed to bypass authentication.
A Plaintext Storage of a Password issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell 5104-HSDPA, OnCell 5104-HSPA, and OnCell 5004-HSPA. The application's configuration file contains parameters that represent passwords in plaintext.
An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. Firmware can be updated over the network without authentication, which may allow remote code execution.
An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. An attacker can freely use brute force to determine parameters needed to bypass authentication.
An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. Administration passwords can be retried without authenticating.
An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. The SoftCMS Application does not properly sanitize input that may allow a remote attacker access to SoftCMS with administrator's privilege through specially crafted input (SQL INJECTION).
Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and G3251 devices before 1.7 do not properly restrict authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.
SQL injection vulnerability in Moxa SoftCMS before 1.5 allows remote attackers to execute arbitrary SQL commands via unspecified fields.
Moxa MGate MB3180 before 1.8, MGate MB3280 before 2.7, MGate MB3480 before 2.6, MGate MB3170 before 2.5, and MGate MB3270 before 2.7 use weak encryption, which allows remote attackers to bypass authentication via a brute-force series of guesses for a parameter value.
Moxa Device Server Web Console 5232-N allows remote attackers to bypass authentication, and consequently modify settings and data, via vectors related to reading a cookie parameter containing a UserId value.
The affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration files and system compromise.
Improper validation of the length field of LLDP-MED TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows information disclosure to attackers due to using fixed loop counter variable without checking the actual available length via a crafted lldp packet.
Improper validation of the length field of LLDP-MED TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows information disclosure to attackers due to controllable loop counter variable via a crafted lldp packet.
Moxa IKS and EDS fails to properly check array bounds which may allow an attacker to read device memory on arbitrary addresses, and may allow an attacker to retrieve sensitive data or cause device reboot.
A Credentials Management issue was discovered in Moxa NPort W2150A versions prior to 1.11, and NPort W2250A versions prior to 1.11. The default password is empty on the device. An unauthorized user can access the device without a password. An unauthorized user has the ability to completely compromise the confidentiality and integrity of the wireless traffic.
An exploitable OS Command Injection vulnerability exists in the web application 'ping' functionality of Moxa AWK-3131A Wireless Access Points running firmware 1.1. Specially crafted web form input can cause an OS Command Injection resulting in complete compromise of the vulnerable device. An attacker can exploit this vulnerability remotely.
| CVE ID ⇅ | Severity ↓ | Description | |
|---|---|---|---|
| CVE-2021-38454 | CRITICAL | A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 … | › |
| CVE-2017-14459 | CRITICAL | An exploitable OS Command Injection vulnerability exists in the Telnet, SSH, and console login funct… | › |
| CVE-2016-8363 | CRITICAL | An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Seri… | › |
| CVE-2019-5138 | CRITICAL | An exploitable command injection vulnerability exists in encrypted diagnostic script functionality o… | › |
| CVE-2024-9140 | CRITICAL | Moxa’s cellular routers, secure routers, and network security appliances are affected by a critical … | › |
| CVE-2023-28697 | CRITICAL | Moxa MiiNePort E1 has a vulnerability of insufficient access control. An unauthenticated remote user… | › |
| CVE-2021-40390 | CRITICAL | An authentication bypass vulnerability exists in the Web Application functionality of Moxa MXView Se… | › |
| CVE-2021-32976 | CRITICAL | Five buffer overflows in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version … | › |
| CVE-2021-32974 | CRITICAL | Improper input validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware vers… | › |
| CVE-2021-46560 | CRITICAL | The firmware on Moxa TN-5900 devices through 3.1 allows command injection that could lead to device … | › |
| CVE-2021-38458 | CRITICAL | A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 … | › |
| CVE-2021-38456 | CRITICAL | A use of hard-coded password vulnerability in the Moxa MXview Network Management software Versions 3… | › |
| CVE-2020-28144 | CRITICAL | Certain Moxa Inc products are affected by an improper restriction of operations in EDR-G903 Series F… | › |
| CVE-2020-25196 | CRITICAL | The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows SSH/Telnet … | › |
| CVE-2020-25153 | CRITICAL | The built-in web service for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower does not require … | › |
| CVE-2020-23639 | CRITICAL | A command injection vulnerability exists in Moxa Inc VPort 461 Series Firmware Version 3.4 or lower … | › |
| CVE-2020-7007 | CRITICAL | In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the attacker may execute arbitrary codes or… | › |
| CVE-2020-6991 | CRITICAL | In Moxa EDS-G516E Series firmware, Version 5.2 or lower, weak password requirements may allow an att… | › |
| CVE-2020-6981 | CRITICAL | In Moxa EDS-G516E Series firmware, Version 5.2 or lower, an attacker may gain access to the system w… | › |
| CVE-2020-6995 | CRITICAL | In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or l… | › |
| CVE-2020-6985 | CRITICAL | In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or l… | › |
| CVE-2020-6989 | CRITICAL | In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or l… | › |
| CVE-2019-9099 | CRITICAL | An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 device… | › |
| CVE-2019-9096 | CRITICAL | An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 device… | › |
| CVE-2019-9095 | CRITICAL | An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 device… | › |
| CVE-2018-11425 | CRITICAL | Memory corruption issue was discovered in Moxa OnCell G3470A-LTE Series version 1.6 Build 18021314 a… | › |
| CVE-2018-11422 | CRITICAL | Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use a proprietary configuration p… | › |
| CVE-2018-11421 | CRITICAL | Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use a proprietary monitoring prot… | › |
| CVE-2018-11420 | CRITICAL | There is Memory corruption in the web interface of Moxa OnCell G3100-HSPA Series version 1.5 Build 1… | › |
| CVE-2018-11426 | CRITICAL | A weak Cookie parameter is used in the web application of Moxa OnCell G3100-HSPA Series version 1.4 … | › |
| CVE-2018-10698 | CRITICAL | An issue was discovered on Moxa AWK-3121 1.14 devices. The device enables an unencrypted TELNET serv… | › |
| CVE-2019-6526 | CRITICAL | Moxa IKS-G6824A series Versions 4.5 and prior, EDS-405A series Version 3.8 and prior, EDS-408A serie… | › |
| CVE-2019-6563 | CRITICAL | Moxa IKS and EDS generate a predictable cookie calculated with an MD5 hash, allowing an attacker to … | › |
| CVE-2019-6557 | CRITICAL | Several buffer overflow vulnerabilities have been identified in Moxa IKS and EDS, which may allow re… | › |
| CVE-2019-6524 | CRITICAL | Moxa IKS and EDS do not implement sufficient measures to prevent multiple failed authentication atte… | › |
| CVE-2018-18396 | CRITICAL | Remote Code Execution in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions versio… | › |
| CVE-2018-18395 | CRITICAL | Hidden Token Access in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version … | › |
| CVE-2018-18394 | CRITICAL | Sensitive Information Stored in Clear Text in Moxa ThingsPro IIoT Gateway and Device Management Soft… | › |
| CVE-2018-18393 | CRITICAL | Password Management Issue in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions ve… | › |
| CVE-2016-8717 | CRITICAL | An exploitable Use of Hard-coded Credentials vulnerability exists in the Moxa AWK-3131A Wireless Acc… | › |
| CVE-2018-5455 | CRITICAL | A Reliance on Cookies without Validation and Integrity Checking issue was discovered in Moxa OnCell … | › |
| CVE-2017-12729 | CRITICAL | A SQL Injection issue was discovered in Moxa SoftCMS Live Viewer through 1.6. An improper neutraliza… | › |
| CVE-2017-13701 | CRITICAL | An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The backup file contains sensi… | › |
| CVE-2017-7915 | CRITICAL | An Improper Restriction of Excessive Authentication Attempts issue was discovered in Moxa OnCell G31… | › |
| CVE-2017-7913 | CRITICAL | A Plaintext Storage of a Password issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 1… | › |
| CVE-2016-9369 | CRITICAL | An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions pr… | › |
| CVE-2016-9366 | CRITICAL | An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions pr… | › |
| CVE-2016-9361 | CRITICAL | An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions pr… | › |
| CVE-2016-9333 | CRITICAL | An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. The SoftCMS Application does … | › |
| CVE-2016-5799 | CRITICAL | Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and G3251 devices before 1.7 do not … | › |
| CVE-2016-5792 | CRITICAL | SQL injection vulnerability in Moxa SoftCMS before 1.5 allows remote attackers to execute arbitrary … | › |
| CVE-2016-5804 | CRITICAL | Moxa MGate MB3180 before 1.8, MGate MB3280 before 2.7, MGate MB3480 before 2.6, MGate MB3170 before … | › |
| CVE-2016-4503 | CRITICAL | Moxa Device Server Web Console 5232-N allows remote attackers to bypass authentication, and conseque… | › |
| CVE-2024-9137 | CRITICAL | The affected product lacks an authentication check when sending commands to the server via the Moxa … | › |
| CVE-2021-25848 | CRITICAL | Improper validation of the length field of LLDP-MED TLV in userdisk/vport_lldpd in Moxa Camera VPort… | › |
| CVE-2021-25847 | CRITICAL | Improper validation of the length field of LLDP-MED TLV in userdisk/vport_lldpd in Moxa Camera VPort… | › |
| CVE-2019-6522 | CRITICAL | Moxa IKS and EDS fails to properly check array bounds which may allow an attacker to read device mem… | › |
| CVE-2017-16727 | CRITICAL | A Credentials Management issue was discovered in Moxa NPort W2150A versions prior to 1.11, and NPort… | › |
| CVE-2016-8721 | CRITICAL | An exploitable OS Command Injection vulnerability exists in the web application 'ping' functionality… | › |