cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-7695,https://securityvulnerability.io/vulnerability/CVE-2024-7695,Out-of-Bounds Write Vulnerability in Moxa PT Switches,"Multiple Moxa PT switches are affected by an out-of-bounds write vulnerability stemming from inadequate input validation. This security flaw can allow unauthorized data to be written outside the memory buffer limits, potentially leading to a disruption of service. If left unaddressed on publicly accessible networks, it presents a significant risk of denial-of-service attacks, which could severely affect operational integrity. Prompt remediation is crucial to safeguard against exploitation of this vulnerability.",Moxa,"Pt-7728 Series,Pt-7828 Series,Pt-g503 Series,Pt-g510 Series,Pt-g7728 Series,Pt-g7828 Series",8.7,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-29T07:42:54.913Z,0
CVE-2024-12297,https://securityvulnerability.io/vulnerability/CVE-2024-12297,Authentication Bypass Vulnerability in Moxa Ethernet Switch EDS-508A Series,"The Moxa EDS-508A Series Ethernet switch is prone to an authentication bypass vulnerability due to inadequate authorization mechanisms. Attackers can exploit this weakness to perform brute-force attacks, allowing them to guess valid credentials, or execute MD5 collision attacks to forge authentication hashes. This can severely compromise the security of the device, potentially allowing unauthorized access.",Moxa,Eds-508a Series,9.2,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-15T10:00:46.524Z,0
CVE-2024-4740,https://securityvulnerability.io/vulnerability/CVE-2024-4740,Software Vulnerability Affects Sensitive Data,"MXsecurity software versions v1.1.0 and earlier have a vulnerability arising from the use of hard-coded credentials, which compromises the security of the system. Attackers exploiting this vulnerability can gain unauthorized access to sensitive data, potentially allowing them to tamper with critical information. Organizations utilizing these versions are encouraged to assess their security posture and implement corrective measures to mitigate associated risks.",Moxa,Mxsecurity Series,7.5,HIGH,0.0004799999878741801,false,,false,false,false,,,false,false,,2024-10-18T08:21:15.659Z,0
CVE-2024-4739,https://securityvulnerability.io/vulnerability/CVE-2024-4739,Unauthorized Access to Resource Due to Inadequate Restriction,"The MXsecurity software, developed by Moxa, is affected by a vulnerability that arises from inadequate access restrictions to sensitive resources. Versions v1.1.0 and older are susceptible, allowing an attacker with a valid authenticator to impersonate an authorized user. This flaw signifies potential risks to data integrity and confidentiality, as unauthorized individuals could exploit this weakness to gain access to restricted resources, leading to possible data breaches. Immediate attention to software updates and security advisories is essential to mitigate these vulnerabilities.",Moxa,Mxsecurity Series,7.5,HIGH,0.0008699999889358878,false,,false,false,false,,,false,false,,2024-10-18T08:11:04.908Z,0
CVE-2024-9139,https://securityvulnerability.io/vulnerability/CVE-2024-9139,Bug Bounty Platform Vulnerability Allows Arbitrary Code Execution,"The vulnerability allows for OS command injection due to improperly restricted commands in Moxa's network security appliances. This oversight permits attackers to execute arbitrary code on the affected systems, potentially compromising the integrity and availability of services. Attack vectors may involve sending specially crafted inputs that the application erroneously processes, leading to unauthorized command execution. Organizations utilizing Moxa routers and network security appliances should address this vulnerability promptly to mitigate risks associated with potential exploitation.",Moxa,"Edr-8010 Series,Edr-g9004 Series,Edr-g9010 Series,Edf-g1002-bp Series,Nat-102 Series,Oncell G4302-lte4 Series,Tn-4900 Series,Edr-810 Series",7.2,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-14T09:15:00.000Z,0
CVE-2024-9137,https://securityvulnerability.io/vulnerability/CVE-2024-9137,Unauthorized Access to Configuration Files and System Compromise via Lack of Authentication Check,"An authentication check vulnerability exists in Moxa routers and network security appliances when commands are sent to the server via the Moxa service. This flaw enables attackers to execute predefined commands remotely, which may lead to unauthorized upload or download of configuration files, posing significant risks to system integrity and security. Without proper authentication mechanisms in place, the likelihood of exploitation increases, potentially compromising sensitive data and system functionality.",Moxa,"Edr-8010 Series,Edr-g9004 Series,Edr-g9010 Series,Edf-g1002-bp Series,Nat-102 Series,Oncell G4302-lte4 Series,Tn-4900 Series,Eds-608 Series,Eds-611 Series,Eds-616 Series,Eds-619 Series,Eds-405a Series,Eds-408a Series,Eds-505a Series,Eds-508a Series,Eds-510a Series,Eds-516a Series,Eds-518a Series,Eds-g509 Series,Eds-p510 Series,Eds-p510a Series,Eds-510e Series,Eds-518e Series,Eds-528e Series,Eds-g508e Series,Eds-g512e Series,Eds-g516e Series,Eds-p506e Series,Ics-g7526a Series,Ics-g7528a Series,Ics-g7748a Series,Ics-g7750a Series,Ics-g7752a Series,Ics-g7826a Series,Ics-g7828a Series,Ics-g7848a Series,Ics-g7850a Series,Ics-g7852a Series,Iks-g6524a Series,Iks-6726a Series,Iks-6728a Series,Iks-g6824a Series,Sds-3006 Series,Sds-3008 Series,Sds-3010 Series,Sds-3016 Series,Sds-g3006 Series,Sds-g3008 Series,Sds-g3010 Series,Sds-g3016 Series,Pt-7728 Series,Pt-7828 Series,Pt-g503 Series,Pt-g510 Series,Pt-g7728 Series,Pt-g7828 Series,Tn-4500a Series,Tn-5500a Series,Tn-g4500 Series,Tn-g6500 Series",8.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-14T09:15:00.000Z,0
CVE-2024-6785,https://securityvulnerability.io/vulnerability/CVE-2024-6785,Sensitive Information Exposure Risk Due to Cleartext Credentials Storage,"A vulnerability in the Moxa MXView and MXView One Central Manager series allows for credential storage in cleartext within the configuration file. This may enable an attacker with local access rights to read or modify the configuration file. The implications of this vulnerability could lead to the exposure of sensitive information and potential misuse of the service, threatening the overall security posture of affected systems.",Moxa,"Mxview One Series,Mxview One Central Manager Series",7.1,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2024-09-21T04:07:27.736Z,0
CVE-2024-4641,https://securityvulnerability.io/vulnerability/CVE-2024-4641,OnCell G3470A-LTE Series Firmware Vulnerability,"The OnCell G3470A-LTE Series firmware, particularly versions v1.7.7 and earlier, suffers from a vulnerability due to the improper handling of format strings from external sources. This flaw allows attackers to exploit the system by modifying an externally controlled format string, potentially leading to serious consequences such as memory leaks and subsequent denial of service. Users of affected firmware are recommended to review their systems and apply necessary updates to mitigate the risks associated with this vulnerability.",Moxa,Oncell G3150a-lte Series,9.8,CRITICAL,0.000910000002477318,false,,false,false,false,,,false,false,,2024-06-25T09:23:30.502Z,0
CVE-2024-4640,https://securityvulnerability.io/vulnerability/CVE-2024-4640,Buffer Overflow Vulnerability Affects OnCell G3470A-LTE Series Firmware,"The OnCell G3470A-LTE Series firmware, specifically versions v1.7.7 and prior, has been found to have a vulnerability due to inadequate bounds checking on buffer operations. This oversight allows an attacker to potentially write beyond the limits of allocated buffer regions in memory, which could lead to unexpected program behavior and instability, such as crashes. Organizations utilizing this firmware should be aware of the implications of this vulnerability and take appropriate measures to protect their systems.",Moxa,Oncell G3150a-lte Series,8.2,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-06-25T09:19:08.712Z,0
CVE-2024-4639,https://securityvulnerability.io/vulnerability/CVE-2024-4639,Unauthorized Command Execution Vulnerability in OnCell G3470A-LTE Series Firmware,"The OnCell G3470A-LTE Series from Moxa has a vulnerability stemming from improper handling of user inputs in its IPSec configuration. This oversight allows attackers to manipulate commands sent to critical functions within the device. By exploiting this flaw, malicious actors can execute commands that the device administrator did not intend, potentially compromising the integrity and security of the network environment. Users are advised to update to secure firmware versions to mitigate risks associated with this vulnerability.",Moxa,Oncell G3150a-lte Series,8.8,HIGH,0.0004900000058114529,false,,false,false,false,,,false,false,,2024-06-25T09:15:03.229Z,0
CVE-2024-4638,https://securityvulnerability.io/vulnerability/CVE-2024-4638,OnCell G3470A-LTE Series Firmware Vulnerability,"The Moxa OnCell G3470A-LTE Series firmware suffers from a vulnerability stemming from improper input validation in the web key upload function. This flaw allows an attacker to manipulate intended commands sent to target functions, potentially enabling malicious users to execute unauthorized commands within the system. Affected firmware versions include v1.7.7 and earlier. Users are advised to review security recommendations and apply necessary updates to safeguard their devices.",Moxa,Oncell G3470a-lte Series,8.8,HIGH,0.0004900000058114529,false,,false,false,false,,,false,false,,2024-06-25T08:49:24.910Z,0
CVE-2024-3576,https://securityvulnerability.io/vulnerability/CVE-2024-3576,NPort 5100A Series Affected by Web Server XSS Vulnerability,"The Moxa NPort 5100A Series, specifically firmware versions v1.6 and earlier, is susceptible to a cross-site scripting (XSS) vulnerability within its web server. This flaw arises from inadequate neutralization of user input before it is outputted, creating a pathway for malicious actors to infiltrate the system. By leveraging this vulnerability, attackers may extract sensitive information or escalate their privileges, posing significant security risks to environments utilizing these products.",Moxa,Nport 5100a Series,8.3,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-06T12:04:47.826Z,0
CVE-2024-1220,https://securityvulnerability.io/vulnerability/CVE-2024-1220,Buffer Overflow Vulnerability in Moxa NPort W2150A/W2250A Series Firmware,"The vulnerability relates to a stack-based buffer overflow in the built-in web server of Moxa's NPort W2150A/W2250A Series. This issue exists in firmware versions 2.3 and earlier, allowing remote attackers to send specially crafted payloads to the web service. If successfully exploited, this vulnerability can lead to denial of service, potentially disrupting the normal operation of the affected devices.",Moxa,Nport W2150a/w2250a Series,8.2,HIGH,0.0006099999882280827,false,,false,false,false,,,false,false,,2024-03-06T01:51:19.200Z,0
CVE-2023-5961,https://securityvulnerability.io/vulnerability/CVE-2023-5961,ioLogik E1200 Series Firmware Vulnerable to CSRF Attacks,"A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the ioLogik E1200 Series firmware, specifically in versions v3.3 and earlier. This security flaw allows an attacker to deceive a client into issuing an unintentional request to the web server. Since the request is processed as if it were a legitimate action by the user, it could enable the attacker to execute operations without the user's consent. It is crucial for users of the affected firmware to take preventive measures to safeguard their systems against potential exploitation.",Moxa,Iologik E1200 Series,8.8,HIGH,0.0007200000109151006,false,,false,false,true,2024-02-01T00:00:16.000Z,true,false,false,,2023-12-23T09:15:00.000Z,0
CVE-2023-5627,https://securityvulnerability.io/vulnerability/CVE-2023-5627,Incorrect Implementation of Authentication Algorithm Vulnerability,"A vulnerability has been discovered in Moxa's NPort 6000 Series that compromises the application's authentication mechanism. This issue stems from an improper implementation of sensitive information protection protocols. As a result, this flaw may allow unauthorized users to access web services without proper authentication controls, posing a risk to data integrity and confidentiality.",Moxa,NPort 6000 Series,7.5,HIGH,0.0013500000350177288,false,,false,false,false,,,false,false,,2023-11-01T16:15:00.000Z,0
CVE-2023-39979,https://securityvulnerability.io/vulnerability/CVE-2023-39979,MXsecurity Authentication Bypass,"A vulnerability exists in MXsecurity versions prior to 1.0.1, allowing remote attackers to bypass authentication mechanisms due to inadequate randomness in the web service authenticator. This weakness can potentially enable unauthorized access to the system, exposing sensitive data and functionalities. It is crucial for users of affected versions to apply the latest updates to mitigate the risks associated with this vulnerability.",Moxa,Mxsecurity Series,9.8,CRITICAL,0.002309999894350767,false,,false,false,false,,,false,false,,2023-09-02T13:15:00.000Z,0
CVE-2023-39981,https://securityvulnerability.io/vulnerability/CVE-2023-39981,MXsecurity Device Information Disclosure,"A vulnerability has been identified in Moxa's MXsecurity product, which allows unauthorized access due to inadequate authentication measures. This issue could enable remote attackers to potentially disclose sensitive device information, raising concerns about the overall security posture of affected systems. Users are encouraged to upgrade to MXsecurity version 1.0.1 or later to mitigate this vulnerability.",Moxa,Mxsecurity Series,7.5,HIGH,0.0026400000788271427,false,,false,false,false,,,false,false,,2023-09-02T13:15:00.000Z,0
CVE-2023-39980,https://securityvulnerability.io/vulnerability/CVE-2023-39980,MXsecurity Authenticated Information Disclosure Due to SQL Injection,"A flaw has been identified in MXsecurity versions prior to v1.0.1, which enables unauthorized disclosure of authenticated information. This vulnerability results from improper neutralization of special elements, which allows remote attackers to manipulate SQL commands. Organizations using affected versions are advised to update to the latest version to mitigate potential security risks.",Moxa,Mxsecurity Series,7.1,HIGH,0.0009200000204145908,false,,false,false,false,,,false,false,,2023-09-02T13:15:00.000Z,0
CVE-2023-34217,https://securityvulnerability.io/vulnerability/CVE-2023-34217,Second Order Command-injection Vulnerability in the Certificate-delete Function,"The TN-4900 and TN-5900 Series firmware prior to version v1.2.4 and v3.3 respectively are affected by a command-injection vulnerability due to inadequate input validation in the certificate-delete function. This flaw allows malicious actors to potentially delete arbitrary files from the affected devices, posing a significant risk to the integrity and functionality of the systems.",Moxa,"Tn-5900 Series,Tn-4900 Series,Edr-g902 Series,Edr-g903 Series,Edr-g9010 Series,Nat-102 Series",8.1,HIGH,0.000750000006519258,false,,false,false,false,,,false,false,,2023-08-17T07:15:00.000Z,0
CVE-2023-34215,https://securityvulnerability.io/vulnerability/CVE-2023-34215,Second Order Command-injection Vulnerability in the Certificate-generation Function,"The TN-5900 Series firmware versions v3.3 and earlier are susceptible to a command injection vulnerability due to inadequate input validation and flawed authentication mechanisms within the certification-generation function. This weakness may enable malicious actors to execute arbitrary code remotely on the compromised devices, highlighting the importance of prompt updates to mitigate such risks.",Moxa,Tn-5900 Series,9.8,CRITICAL,0.0022299999836832285,false,,false,false,false,,,false,false,,2023-08-17T07:15:00.000Z,0
CVE-2023-34216,https://securityvulnerability.io/vulnerability/CVE-2023-34216,Second Order Command-injection Vulnerability in the Key-delete Function,"The Moxa TN-4900 and TN-5900 Series firmware prior to specified versions contain a command injection vulnerability linked to insufficient input validation in the key-delete function. This flaw allows unauthorized users to execute arbitrary commands, which could result in the deletion of any file on the affected system. Users are advised to upgrade to the latest firmware versions to mitigate potential risks.",Moxa,"Tn-5900 Series,Tn-4900 Series,Edr-g902 Series,Edr-g903 Series,Edr-g9010 Series,Nat-102 Series",8.1,HIGH,0.000750000006519258,false,,false,false,false,,,false,false,,2023-08-17T07:15:00.000Z,0
CVE-2023-34213,https://securityvulnerability.io/vulnerability/CVE-2023-34213,Second Order Command-injection Vulnerability in the Key-generation Function,"The Moxa TN-5900 Series firmware, specifically versions v3.3 and prior, is susceptible to a command injection vulnerability caused by insufficient input validation and improper authentication in its key-generation function. This flaw could enable malicious actors to execute arbitrary commands remotely, potentially compromising the security and functionality of the affected devices.",Moxa,Tn-5900 Series,9.8,CRITICAL,0.0022299999836832285,false,,false,false,false,,,false,false,,2023-08-17T03:15:00.000Z,0
CVE-2023-34214,https://securityvulnerability.io/vulnerability/CVE-2023-34214,Second Order Command-injection Vulnerability in the Certificate-generation Function,"The command injection vulnerability in Moxa's TN-4900 and TN-5900 Series firmware arises from inadequate input validation within the certificate-generation function. This flaw can be exploited by malicious users to execute arbitrary commands remotely on the affected devices, posing a significant security risk. Users are urged to update to the latest firmware versions to mitigate this threat.",Moxa,"Tn-5900 Series,Tn-4900 Series,Edr-810 Series,Edr-g902 Series,Edr-g903 Series",9.8,CRITICAL,0.0011500000255182385,false,,false,false,false,,,false,false,,2023-08-17T03:15:00.000Z,0
CVE-2023-33238,https://securityvulnerability.io/vulnerability/CVE-2023-33238,Command-injection Vulnerability in Certificate Management,"The TN-4900 and TN-5900 Series firmware from Moxa contains a command injection vulnerability due to insufficient input validation within the certificate management function. This flaw allows attackers to potentially execute arbitrary commands remotely on the affected devices, posing significant security risks that could compromise device integrity and data confidentiality.",Moxa,"Tn-5900 Series,Tn-4900 Series,Edr-810 Series,Edr-g902 Series,Edr-g903 Series,Edr-g9010 Series,Nat-102 Series",9.8,CRITICAL,0.0008699999889358878,false,,false,false,false,,,false,false,,2023-08-17T03:15:00.000Z,0
CVE-2023-33239,https://securityvulnerability.io/vulnerability/CVE-2023-33239,Second Order Command-injection Vulnerability in the Key-generation Function,"The TN-4900 and TN-5900 Series firmware from Moxa is susceptible to a command injection vulnerability due to inadequate input validation in the key-generation process. Malicious users can exploit this weakness to execute arbitrary commands remotely, posing significant risks to the affected devices' integrity and security.",Moxa,"Tn-5900 Series,Tn-4900 Series,Edr-810 Series,Edr-g902 Series,Edr-g903 Series,Edr-g9010 Series,Nat-102 Series",9.8,CRITICAL,0.0015999999595806003,false,,false,false,false,,,false,false,,2023-08-17T03:15:00.000Z,0