Filtered by vendor Moxa
Subscriptions
Total
306 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-2026 | 1 Moxa | 2 Nport 6100-g2 Series, Nport 6200-g2 Series | 2026-04-15 | N/A |
| The NPort 6100-G2/6200-G2 Series is affected by a high-severity vulnerability (CVE-2025-2026) that allows remote attackers to execute a null byte injection through the device’s web API. This may lead to an unexpected device reboot and result in a denial-of-service (DoS) condition. An authenticated remote attacker with web read-only privileges can exploit the vulnerable API to inject malicious input. Successful exploitation may cause the device to reboot, disrupting normal operations and causing a temporary denial of service. | ||||
| CVE-2025-1977 | 1 Moxa | 2 Nport 6100-g2 Series, Nport 6200-g2 Series | 2026-04-15 | N/A |
| The NPort 6100-G2/6200-G2 Series is affected by an execution with unnecessary privileges vulnerability (CVE-2025-1977) that allows an authenticated user with read-only access to perform unauthorized configuration changes through the MCC (Moxa CLI Configuration) tool. The issue can be exploited remotely over the network with low-attack complexity and no user interaction but requires specific system conditions or configurations to be present. Successful exploitation may result in changes to device settings that were not intended to be permitted for the affected user role, potentially leading to a high impact on the confidentiality, integrity, and availability of the device. No impact on other systems has been identified. | ||||
| CVE-2025-1680 | 1 Moxa | 4 Tn-4500a, Tn-5500a, Tn-g4500 and 1 more | 2026-04-15 | N/A |
| An acceptance of extraneous untrusted data with trusted data vulnerability has been identified in Moxa’s Ethernet switches, which allows attackers with administrative privileges to manipulate HTTP Host headers by injecting a specially crafted Host header into HTTP requests sent to an affected device’s web service. This vulnerability is classified as Host Header Injection, where invalid Host headers can manipulate to redirect users, forge links, or phishing attacks. There is no impact to the confidentiality, integrity, and availability of the affected device; no loss of confidentiality, integrity, and availability within any subsequent systems. | ||||
| CVE-2025-6950 | 1 Moxa | 7 Edf-g1002-bp, Edr-8010, Edr-g9010 and 4 more | 2026-04-15 | N/A |
| An Use of Hard-coded Credentials vulnerability has been identified in Moxa’s network security appliances and routers. The system employs a hard-coded secret key to sign JSON Web Tokens (JWT) used for authentication. This insecure implementation allows an unauthenticated attacker to forge valid tokens, thereby bypassing authentication controls and impersonating any user. Exploitation of this vulnerability can result in complete system compromise, enabling unauthorized access, data theft, and full administrative control over the affected device. While successful exploitation can severely impact the confidentiality, integrity, and availability of the affected device itself, there is no loss of confidentiality or integrity within any subsequent systems. | ||||
| CVE-2024-9139 | 1 Moxa | 8 Edf-g1002-bp Firmware, Edr-8010 Firmware, Edr-810 Firmware and 5 more | 2026-04-15 | 7.2 High |
| The affected product permits OS command injection through improperly restricted commands, potentially allowing attackers to execute arbitrary code. | ||||
| CVE-2026-4483 | 1 Moxa | 1 Mxgeneralio | 2026-04-08 | N/A |
| An exposed IOCTL with an insufficient access control vulnerability has been identified in the utility, MxGeneralIo, for Moxa’s industrial x86 computers. The affected utility, MxGeneralIo, exposes IOCTL methods that permit direct read and write access to MSR and system memory. A local attacker with high privileges could abuse these interfaces to perform unauthorized operations. Successful exploitation may result in privilege escalation on Windows 7 systems or cause a system crash (BSoD) on Windows 10 and 11 systems, leading to a denial-of-service condition. The vulnerability could slightly affect the confidentiality and integrity of the device, but availability might be heavily impacted. No impact to the subsequent system has been identified. | ||||
| CVE-2022-41313 | 1 Moxa | 4 Sds-3008, Sds-3008-t, Sds-3008-t Firmware and 1 more | 2025-11-04 | 5.4 Medium |
| A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability.Form field id="switch_contact" | ||||
| CVE-2022-41312 | 1 Moxa | 4 Sds-3008, Sds-3008-t, Sds-3008-t Firmware and 1 more | 2025-11-04 | 5.4 Medium |
| A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability.Form field id="Switch Description", name "switch_description" | ||||
| CVE-2022-41311 | 1 Moxa | 4 Sds-3008, Sds-3008-t, Sds-3008-t Firmware and 1 more | 2025-11-04 | 5.4 Medium |
| A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability.Form field id="webLocationMessage_text" name="webLocationMessage_text" | ||||
| CVE-2016-9356 | 1 Moxa | 1 Dacenter | 2025-04-20 | N/A |
| An issue was discovered in Moxa DACenter Versions 1.4 and older. The application may suffer from an unquoted search path issue. | ||||
| CVE-2017-13699 | 1 Moxa | 2 Eds-g512e, Eds-g512e Firmware | 2025-04-20 | N/A |
| An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The password encryption method can be retrieved from the firmware. This encryption method is based on a chall value that is sent in cleartext as a POST parameter. An attacker could reverse the password encryption algorithm to retrieve it. | ||||
| CVE-2016-8716 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2025-04-20 | 7.5 High |
| An exploitable Cleartext Transmission of Password vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. The Change Password functionality of the Web Application transmits the password in cleartext. An attacker capable of intercepting this traffic is able to obtain valid credentials. | ||||
| CVE-2016-8722 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2025-04-20 | 5.3 Medium |
| An exploitable Information Disclosure vulnerability exists in the Web Application functionality of Moxa AWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client. Retrieving a specific URL without authentication can reveal sensitive information to an attacker. | ||||
| CVE-2017-13700 | 1 Moxa | 2 Eds-g512e, Eds-g512e Firmware | 2025-04-20 | N/A |
| An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. There is XSS in the administration interface. | ||||
| CVE-2016-8723 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2025-04-20 | 7.5 High |
| An exploitable null pointer dereference exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Any HTTP GET request not preceded by an '/' will cause a segmentation fault in the web server. An attacker can send any of a multitude of potentially unexpected HTTP get requests to trigger this vulnerability. | ||||
| CVE-2016-8727 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2025-04-20 | N/A |
| An exploitable information disclosure vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point. Retrieving a series of URLs without authentication can reveal sensitive configuration and system information to an attacker. | ||||
| CVE-2016-8721 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2025-04-20 | 9.1 Critical |
| An exploitable OS Command Injection vulnerability exists in the web application 'ping' functionality of Moxa AWK-3131A Wireless Access Points running firmware 1.1. Specially crafted web form input can cause an OS Command Injection resulting in complete compromise of the vulnerable device. An attacker can exploit this vulnerability remotely. | ||||
| CVE-2016-8350 | 1 Moxa | 19 Iologik E1200 Series Firmware, Iologik E1210, Iologik E1211 and 16 more | 2025-04-20 | 6.3 Medium |
| An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 and prior, ioLogik E1211, firmware Version V2.3 and prior, ioLogik E1212, firmware Version V2.4 and prior, ioLogik E1213, firmware Version V2.5 and prior, ioLogik E1214, firmware Version V2.4 and prior, ioLogik E1240, firmware Version V2.3 and prior, ioLogik E1241, firmware Version V2.4 and prior, ioLogik E1242, firmware Version V2.4 and prior, ioLogik E1260, firmware Version V2.4 and prior, ioLogik E1262, firmware Version V2.4 and prior, ioLogik E2210, firmware versions prior to V3.13, ioLogik E2212, firmware versions prior to V3.14, ioLogik E2214, firmware versions prior to V3.12, ioLogik E2240, firmware versions prior to V3.12, ioLogik E2242, firmware versions prior to V3.12, ioLogik E2260, firmware versions prior to V3.13, and ioLogik E2262, firmware versions prior to V3.12. The web application may not sufficiently verify whether a request was provided by a valid user (CROSS-SITE REQUEST FORGERY). | ||||
| CVE-2016-8362 | 1 Moxa | 28 Awk-1121, Awk-1121 Firmware, Awk-1127 and 25 more | 2025-04-20 | N/A |
| An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2 Series, WAC-2004 Series, AWK-3121-M12-RTG Series, AWK-3131-M12-RCC Series, AWK-5232-M12-RCC Series, TAP-6226 Series, AWK-3121/4121 Series, AWK-3131/4131 Series, and AWK-5222/6222 Series. Any user is able to download log files by accessing a specific URL. | ||||
| CVE-2016-8720 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2025-04-20 | 4.3 Medium |
| An exploitable HTTP Header Injection vulnerability exists in the Web Application functionality of the Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted HTTP request can inject a payload in the bkpath parameter which will be copied in to Location header of the HTTP response. | ||||