Export limit exceeded: 366311 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (311 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-18242 | 1 Moxa | 40 Iologik 2512, Iologik 2512-hspa, Iologik 2512-hspa-t and 37 more | 2024-11-21 | 7.5 High |
| In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, frequent and multiple requests for short-term use may cause the web server to fail. | ||||
| CVE-2019-18238 | 1 Moxa | 40 Iologik 2512, Iologik 2512-hspa, Iologik 2512-hspa-t and 37 more | 2024-11-21 | 7.5 High |
| In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, sensitive information is stored in configuration files without encryption, which may allow an attacker to access an administrative account. | ||||
| CVE-2019-10969 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2024-11-21 | 7.2 High |
| Moxa EDR 810, all versions 5.1 and prior, allows an authenticated attacker to abuse the ping feature to execute unauthorized commands on the router, which may allow an attacker to perform remote code execution. | ||||
| CVE-2019-10963 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2024-11-21 | 4.3 Medium |
| Moxa EDR 810, all versions 5.1 and prior, allows an unauthenticated attacker to be able to retrieve some log files from the device, which may allow sensitive information disclosure. Log files must have previously been exported by a legitimate user. | ||||
| CVE-2018-7506 | 1 Moxa | 1 Mxview | 2024-11-21 | N/A |
| The private key of the web server in Moxa MXview versions 2.8 and prior is able to be read and accessed via an HTTP GET request, which may allow a remote attacker to decrypt encrypted information. | ||||
| CVE-2018-5455 | 1 Moxa | 8 Oncell G3110-hspa, Oncell G3110-hspa-t, Oncell G3110-hspa-t Firmware and 5 more | 2024-11-21 | N/A |
| A Reliance on Cookies without Validation and Integrity Checking issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. The application allows a cookie parameter to consist of only digits, allowing an attacker to perform a brute force attack bypassing authentication and gaining access to device functions. | ||||
| CVE-2018-5453 | 1 Moxa | 8 Oncell G3110-hspa, Oncell G3110-hspa-t, Oncell G3110-hspa-t Firmware and 5 more | 2024-11-21 | N/A |
| An Improper Handling of Length Parameter Inconsistency issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. An attacker may be able to edit the element of an HTTP request, causing the device to become unavailable. | ||||
| CVE-2018-5449 | 1 Moxa | 8 Oncell G3110-hspa, Oncell G3110-hspa-t, Oncell G3110-hspa-t Firmware and 5 more | 2024-11-21 | N/A |
| A NULL Pointer Dereference issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. The application does not check for a NULL value, allowing for an attacker to perform a denial of service attack. | ||||
| CVE-2018-19660 | 1 Moxa | 2 Nport W2x50a, Nport W2x50a Firmware | 2024-11-21 | N/A |
| An exploitable authenticated command-injection vulnerability exists in the web server functionality of Moxa NPort W2x50A products with firmware before 2.2 Build_18082311. A specially crafted HTTP POST request to /goform/webSettingProfileSecurity can result in running OS commands as the root user. | ||||
| CVE-2018-19659 | 1 Moxa | 2 Nport W2x50a, Nport W2x50a Firmware | 2024-11-21 | N/A |
| An exploitable authenticated command-injection vulnerability exists in the web server functionality of Moxa NPort W2x50A products with firmware before 2.2 Build_18082311. A specially crafted HTTP POST request to /goform/net_WebPingGetValue can result in running OS commands as the root user. This is similar to CVE-2017-12120. | ||||
| CVE-2018-18396 | 1 Moxa | 1 Thingspro | 2024-11-21 | N/A |
| Remote Code Execution in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. | ||||
| CVE-2018-18395 | 1 Moxa | 1 Thingspro | 2024-11-21 | N/A |
| Hidden Token Access in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. | ||||
| CVE-2018-18394 | 1 Moxa | 1 Thingspro | 2024-11-21 | N/A |
| Sensitive Information Stored in Clear Text in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. | ||||
| CVE-2018-18393 | 1 Moxa | 1 Thingspro | 2024-11-21 | N/A |
| Password Management Issue in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. | ||||
| CVE-2018-18392 | 1 Moxa | 1 Thingspro | 2024-11-21 | N/A |
| Privilege Escalation via Broken Access Control in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. | ||||
| CVE-2018-18391 | 1 Moxa | 1 Thingspro | 2024-11-21 | N/A |
| User Privilege Escalation in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. | ||||
| CVE-2018-18390 | 1 Moxa | 1 Thingspro | 2024-11-21 | N/A |
| User Enumeration in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1. | ||||
| CVE-2018-16282 | 1 Moxa | 2 Edr-810, Edr-810 Firmware | 2024-11-21 | N/A |
| A command injection vulnerability in the web server functionality of Moxa EDR-810 V4.2 build 18041013 allows remote attackers to execute arbitrary OS commands with root privilege via the caname parameter to the /xml/net_WebCADELETEGetValue URI. | ||||
| CVE-2018-11427 | 1 Moxa | 4 Oncell G3150-hspa, Oncell G3150-hspa-t, Oncell G3150-hspa-t Firmware and 1 more | 2024-11-21 | N/A |
| CSRF tokens are not used in the web application of Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior, which makes it possible to perform CSRF attacks on the device administrator. | ||||
| CVE-2018-11426 | 1 Moxa | 4 Oncell G3150-hspa, Oncell G3150-hspa-t, Oncell G3150-hspa-t Firmware and 1 more | 2024-11-21 | N/A |
| A weak Cookie parameter is used in the web application of Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. An attacker can brute force parameters required to bypass authentication and access the web interface to use all its functions except for password change. | ||||