cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-4452,https://securityvulnerability.io/vulnerability/CVE-2023-4452,Web Server Buffer Overflow Vulnerability,"A vulnerability has been identified in the EDR-810, EDR-G902, and EDR-G903 Series, making them vulnerable to the denial-of-service vulnerability. This vulnerability stems from insufficient input validation in the URI, potentially enabling malicious users to trigger the device reboot. ",Moxa,"Edr-810 Series,Edr G902 Series,Edr G903 Series",6.5,MEDIUM,0.0007800000021234155,false,,false,false,false,,,false,false,,2023-11-01T15:15:00.000Z,0
CVE-2023-34216,https://securityvulnerability.io/vulnerability/CVE-2023-34216,Second Order Command-injection Vulnerability in the Key-delete Function,"The Moxa TN-4900 and TN-5900 Series firmware prior to specified versions contain a command injection vulnerability linked to insufficient input validation in the key-delete function. This flaw allows unauthorized users to execute arbitrary commands, which could result in the deletion of any file on the affected system. Users are advised to upgrade to the latest firmware versions to mitigate potential risks.",Moxa,"Tn-5900 Series,Tn-4900 Series,Edr-g902 Series,Edr-g903 Series,Edr-g9010 Series,Nat-102 Series",8.1,HIGH,0.000750000006519258,false,,false,false,false,,,false,false,,2023-08-17T07:15:00.000Z,0
CVE-2023-34217,https://securityvulnerability.io/vulnerability/CVE-2023-34217,Second Order Command-injection Vulnerability in the Certificate-delete Function,"The TN-4900 and TN-5900 Series firmware prior to version v1.2.4 and v3.3 respectively are affected by a command-injection vulnerability due to inadequate input validation in the certificate-delete function. This flaw allows malicious actors to potentially delete arbitrary files from the affected devices, posing a significant risk to the integrity and functionality of the systems.",Moxa,"Tn-5900 Series,Tn-4900 Series,Edr-g902 Series,Edr-g903 Series,Edr-g9010 Series,Nat-102 Series",8.1,HIGH,0.000750000006519258,false,,false,false,false,,,false,false,,2023-08-17T07:15:00.000Z,0
CVE-2023-34214,https://securityvulnerability.io/vulnerability/CVE-2023-34214,Second Order Command-injection Vulnerability in the Certificate-generation Function,"The command injection vulnerability in Moxa's TN-4900 and TN-5900 Series firmware arises from inadequate input validation within the certificate-generation function. This flaw can be exploited by malicious users to execute arbitrary commands remotely on the affected devices, posing a significant security risk. Users are urged to update to the latest firmware versions to mitigate this threat.",Moxa,"Tn-5900 Series,Tn-4900 Series,Edr-810 Series,Edr-g902 Series,Edr-g903 Series",9.8,CRITICAL,0.0011500000255182385,false,,false,false,false,,,false,false,,2023-08-17T03:15:00.000Z,0
CVE-2023-33239,https://securityvulnerability.io/vulnerability/CVE-2023-33239,Second Order Command-injection Vulnerability in the Key-generation Function,"The TN-4900 and TN-5900 Series firmware from Moxa is susceptible to a command injection vulnerability due to inadequate input validation in the key-generation process. Malicious users can exploit this weakness to execute arbitrary commands remotely, posing significant risks to the affected devices' integrity and security.",Moxa,"Tn-5900 Series,Tn-4900 Series,Edr-810 Series,Edr-g902 Series,Edr-g903 Series,Edr-g9010 Series,Nat-102 Series",9.8,CRITICAL,0.0015999999595806003,false,,false,false,false,,,false,false,,2023-08-17T03:15:00.000Z,0
CVE-2023-33238,https://securityvulnerability.io/vulnerability/CVE-2023-33238,Command-injection Vulnerability in Certificate Management,"The TN-4900 and TN-5900 Series firmware from Moxa contains a command injection vulnerability due to insufficient input validation within the certificate management function. This flaw allows attackers to potentially execute arbitrary commands remotely on the affected devices, posing significant security risks that could compromise device integrity and data confidentiality.",Moxa,"Tn-5900 Series,Tn-4900 Series,Edr-810 Series,Edr-g902 Series,Edr-g903 Series,Edr-g9010 Series,Nat-102 Series",9.8,CRITICAL,0.0008699999889358878,false,,false,false,false,,,false,false,,2023-08-17T03:15:00.000Z,0
CVE-2020-28144,https://securityvulnerability.io/vulnerability/CVE-2020-28144,,"Certain Moxa Inc products are affected by an improper restriction of operations in EDR-G903 Series Firmware Version 5.5 or lower, EDR-G902 Series Firmware Version 5.5 or lower, and EDR-810 Series Firmware Version 5.6 or lower. Crafted requests sent to the device may allow remote arbitrary code execution.",Moxa,Edr-g903 Firmware,9.8,CRITICAL,0.008980000391602516,false,,false,false,false,,,false,false,,2021-02-03T12:48:41.000Z,0
CVE-2020-14511,https://securityvulnerability.io/vulnerability/CVE-2020-14511,,Malicious operation of the crafted web browser cookie may cause a stack-based buffer overflow in the system web server on the EDR-G902 and EDR-G903 Series Routers (versions prior to 5.4).,Moxa,Edr-g902 And Edr-g903 Series Routers,9.8,CRITICAL,0.0053400001488626,false,,false,false,false,,,false,false,,2020-07-15T12:27:24.000Z,0
CVE-2016-0876,https://securityvulnerability.io/vulnerability/CVE-2016-0876,,Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to discover cleartext passwords by reading a configuration file.,Moxa,Edr-g903 Firmware,7.5,HIGH,0.0028899998869746923,false,,false,false,false,,,false,false,,2016-05-31T01:00:00.000Z,0
CVE-2016-0878,https://securityvulnerability.io/vulnerability/CVE-2016-0878,,Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to cause a denial of service (cold start) by sending two crafted ping requests.,Moxa,Edr-g903 Firmware,7.5,HIGH,0.0016499999910593033,false,,false,false,false,,,false,false,,2016-05-31T01:00:00.000Z,0
CVE-2016-0875,https://securityvulnerability.io/vulnerability/CVE-2016-0875,,Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to read configuration and log files via a crafted URL.,Moxa,Edr-g903 Firmware,7.5,HIGH,0.0028899998869746923,false,,false,false,false,,,false,false,,2016-05-31T01:00:00.000Z,0
CVE-2016-0877,https://securityvulnerability.io/vulnerability/CVE-2016-0877,,Memory leak on Moxa Secure Router EDR-G903 devices before 3.4.12 allows remote attackers to cause a denial of service (memory consumption) by executing the ping function.,Moxa,Edr-g903 Firmware,7.5,HIGH,0.0016499999910593033,false,,false,false,false,,,false,false,,2016-05-31T01:00:00.000Z,0
CVE-2016-0879,https://securityvulnerability.io/vulnerability/CVE-2016-0879,,"Moxa Secure Router EDR-G903 devices before 3.4.12 do not delete copies of configuration and log files after completing the import function, which allows remote attackers to obtain sensitive information by requesting these files at an unspecified URL.",Moxa,Edr-g903 Firmware,7.5,HIGH,0.0028899998869746923,false,,false,false,false,,,false,false,,2016-05-31T01:00:00.000Z,0
CVE-2012-4694,https://securityvulnerability.io/vulnerability/CVE-2012-4694,,"Moxa EDR-G903 series routers with firmware before 2.11 do not use a sufficient source of entropy for (1) SSH and (2) SSL keys, which makes it easier for man-in-the-middle attackers to spoof a device or modify a client-server data stream by leveraging knowledge of a key from a product installation elsewhere.",Moxa,"Edr G903 Firmware,Edr-g903",,,0.0011099999537691474,false,,false,false,false,,,false,false,,2013-02-15T12:09:00.000Z,0
CVE-2012-4712,https://securityvulnerability.io/vulnerability/CVE-2012-4712,,"Moxa EDR-G903 series routers with firmware before 2.11 have a hardcoded account, which allows remote attackers to obtain unspecified device access via unknown vectors.",Moxa,Edr-g903 Firmware,,,0.004980000201612711,false,,false,false,false,,,false,false,,2013-02-15T12:09:00.000Z,0