cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-7695,https://securityvulnerability.io/vulnerability/CVE-2024-7695,Out-of-Bounds Write Vulnerability in Moxa PT Switches,"Multiple Moxa PT switches are affected by an out-of-bounds write vulnerability stemming from inadequate input validation. This security flaw can allow unauthorized data to be written outside the memory buffer limits, potentially leading to a disruption of service. If left unaddressed on publicly accessible networks, it presents a significant risk of denial-of-service attacks, which could severely affect operational integrity. Prompt remediation is crucial to safeguard against exploitation of this vulnerability.",Moxa,"Pt-7728 Series,Pt-7828 Series,Pt-g503 Series,Pt-g510 Series,Pt-g7728 Series,Pt-g7828 Series",8.7,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-29T07:42:54.913Z,0
CVE-2025-0193,https://securityvulnerability.io/vulnerability/CVE-2025-0193,Stored Cross-site Scripting Vulnerability in Moxa MGate 5121/5122/5123 Series Firmware,"A stored Cross-site Scripting (XSS) flaw is present in the firmware of Moxa's MGate 5121, 5122, and 5123 Series devices due to inadequate validation and encoding of user inputs within the 'Login Message' function. An attacker with administrative privileges can exploit this vulnerability to inject harmful scripts that are persistently stored on the device. These scripts execute when other users visit the login page, which may lead to unauthorized actions or varied impacts depending on those users' privileges.",Moxa,"Mgate 5121 Series,Mgate 5122 Series,Mgate 5123 Series",5.2,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-15T11:05:11.594Z,0
CVE-2024-12297,https://securityvulnerability.io/vulnerability/CVE-2024-12297,Authentication Bypass Vulnerability in Moxa Ethernet Switch EDS-508A Series,"The Moxa EDS-508A Series Ethernet switch is prone to an authentication bypass vulnerability due to inadequate authorization mechanisms. Attackers can exploit this weakness to perform brute-force attacks, allowing them to guess valid credentials, or execute MD5 collision attacks to forge authentication hashes. This can severely compromise the security of the device, potentially allowing unauthorized access.",Moxa,Eds-508a Series,9.2,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-15T10:00:46.524Z,0
CVE-2024-9138,https://securityvulnerability.io/vulnerability/CVE-2024-9138,Privilege Escalation Vulnerability in Moxa Cellular and Secure Routers,"Moxa's cellular routers, secure routers, and network security appliances contain a vulnerability that involves hard-coded credentials, which can be exploited by authenticated users to escalate their privileges. This vulnerability allows attackers to gain root-level access to the system, significantly increasing the risk of unauthorized actions and data breaches. Organizations using these products are encouraged to assess their security settings and apply any necessary updates to mitigate potential risks.",Moxa,,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-03T09:15:00.000Z,1054
CVE-2024-9140,https://securityvulnerability.io/vulnerability/CVE-2024-9140,OS Command Injection Vulnerability in Moxa Cellular and Secure Routers,"The vulnerability allows for OS command injection in Moxa’s cellular and secure routers as well as network security appliances. This security flaw is a result of commands not being properly restricted, which could allow an attacker to execute arbitrary code on the affected devices. Such an exploit may lead to unauthorized access, compromised data integrity, and disruption of network services. Organizations deploying these products must take immediate precautions to assess risk and implement the necessary security measures to mitigate potential attacks.",Moxa,,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-03T09:15:00.000Z,296
CVE-2024-9404,https://securityvulnerability.io/vulnerability/CVE-2024-9404,Moxa IP Cameras Vulnerable to Denial-of-Service Attacks,"Moxa’s IP Cameras are affected by a medium-severity vulnerability, CVE-2024-9404, which could lead to a denial-of-service condition or cause a service crash. This vulnerability allows attackers to exploit the Moxa service, commonly referred to as moxa_cmd, originally designed for deployment. Because of insufficient input validation, this service may be manipulated to trigger a denial-of-service. This vulnerability poses a significant remote threat if the affected products are exposed to publicly accessible networks. Attackers could potentially disrupt operations by shutting down the affected systems. Due to the critical nature of this security risk, we strongly recommend taking immediate action to prevent potential exploitation.",Moxa,,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-04T04:15:00.000Z,0
CVE-2024-4740,https://securityvulnerability.io/vulnerability/CVE-2024-4740,Software Vulnerability Affects Sensitive Data,"MXsecurity software versions v1.1.0 and earlier have a vulnerability arising from the use of hard-coded credentials, which compromises the security of the system. Attackers exploiting this vulnerability can gain unauthorized access to sensitive data, potentially allowing them to tamper with critical information. Organizations utilizing these versions are encouraged to assess their security posture and implement corrective measures to mitigate associated risks.",Moxa,Mxsecurity Series,7.5,HIGH,0.0004799999878741801,false,,false,false,false,,,false,false,,2024-10-18T08:21:15.659Z,0
CVE-2024-4739,https://securityvulnerability.io/vulnerability/CVE-2024-4739,Unauthorized Access to Resource Due to Inadequate Restriction,"The MXsecurity software, developed by Moxa, is affected by a vulnerability that arises from inadequate access restrictions to sensitive resources. Versions v1.1.0 and older are susceptible, allowing an attacker with a valid authenticator to impersonate an authorized user. This flaw signifies potential risks to data integrity and confidentiality, as unauthorized individuals could exploit this weakness to gain access to restricted resources, leading to possible data breaches. Immediate attention to software updates and security advisories is essential to mitigate these vulnerabilities.",Moxa,Mxsecurity Series,7.5,HIGH,0.0008699999889358878,false,,false,false,false,,,false,false,,2024-10-18T08:11:04.908Z,0
CVE-2024-9139,https://securityvulnerability.io/vulnerability/CVE-2024-9139,Bug Bounty Platform Vulnerability Allows Arbitrary Code Execution,"The vulnerability allows for OS command injection due to improperly restricted commands in Moxa's network security appliances. This oversight permits attackers to execute arbitrary code on the affected systems, potentially compromising the integrity and availability of services. Attack vectors may involve sending specially crafted inputs that the application erroneously processes, leading to unauthorized command execution. Organizations utilizing Moxa routers and network security appliances should address this vulnerability promptly to mitigate risks associated with potential exploitation.",Moxa,"Edr-8010 Series,Edr-g9004 Series,Edr-g9010 Series,Edf-g1002-bp Series,Nat-102 Series,Oncell G4302-lte4 Series,Tn-4900 Series,Edr-810 Series",7.2,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-14T09:15:00.000Z,0
CVE-2024-9137,https://securityvulnerability.io/vulnerability/CVE-2024-9137,Unauthorized Access to Configuration Files and System Compromise via Lack of Authentication Check,"An authentication check vulnerability exists in Moxa routers and network security appliances when commands are sent to the server via the Moxa service. This flaw enables attackers to execute predefined commands remotely, which may lead to unauthorized upload or download of configuration files, posing significant risks to system integrity and security. Without proper authentication mechanisms in place, the likelihood of exploitation increases, potentially compromising sensitive data and system functionality.",Moxa,"Edr-8010 Series,Edr-g9004 Series,Edr-g9010 Series,Edf-g1002-bp Series,Nat-102 Series,Oncell G4302-lte4 Series,Tn-4900 Series,Eds-608 Series,Eds-611 Series,Eds-616 Series,Eds-619 Series,Eds-405a Series,Eds-408a Series,Eds-505a Series,Eds-508a Series,Eds-510a Series,Eds-516a Series,Eds-518a Series,Eds-g509 Series,Eds-p510 Series,Eds-p510a Series,Eds-510e Series,Eds-518e Series,Eds-528e Series,Eds-g508e Series,Eds-g512e Series,Eds-g516e Series,Eds-p506e Series,Ics-g7526a Series,Ics-g7528a Series,Ics-g7748a Series,Ics-g7750a Series,Ics-g7752a Series,Ics-g7826a Series,Ics-g7828a Series,Ics-g7848a Series,Ics-g7850a Series,Ics-g7852a Series,Iks-g6524a Series,Iks-6726a Series,Iks-6728a Series,Iks-g6824a Series,Sds-3006 Series,Sds-3008 Series,Sds-3010 Series,Sds-3016 Series,Sds-g3006 Series,Sds-g3008 Series,Sds-g3010 Series,Sds-g3016 Series,Pt-7728 Series,Pt-7828 Series,Pt-g503 Series,Pt-g510 Series,Pt-g7728 Series,Pt-g7828 Series,Tn-4500a Series,Tn-5500a Series,Tn-g4500 Series,Tn-g6500 Series",8.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-14T09:15:00.000Z,0
CVE-2024-6787,https://securityvulnerability.io/vulnerability/CVE-2024-6787,Race Condition Vulnerability Could Lead to File Tampering and Code Execution,"This vulnerability occurs when an attacker exploits a race condition between the time a file is checked and the time it is used (TOCTOU). By exploiting this race condition, an attacker can write arbitrary files to the system. This could allow the attacker to execute malicious code and potentially cause file losses.",Moxa,Mxview One Series,5.9,MEDIUM,0.0004799999878741801,false,,false,false,false,,,false,false,,2024-09-21T04:20:22.302Z,0
CVE-2024-6786,https://securityvulnerability.io/vulnerability/CVE-2024-6786,Vulnerability in MQTT Allows Arbitrary File Reading,"The vulnerability allows an attacker to craft MQTT messages that include relative path traversal sequences, enabling them to read arbitrary files on the system. This could lead to the disclosure of sensitive information, such as configuration files and JWT signing secrets.",Moxa,Mxview One Series,6.5,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-09-21T04:14:22.667Z,0
CVE-2024-6785,https://securityvulnerability.io/vulnerability/CVE-2024-6785,Sensitive Information Exposure Risk Due to Cleartext Credentials Storage,"A vulnerability in the Moxa MXView and MXView One Central Manager series allows for credential storage in cleartext within the configuration file. This may enable an attacker with local access rights to read or modify the configuration file. The implications of this vulnerability could lead to the exposure of sensitive information and potential misuse of the service, threatening the overall security posture of affected systems.",Moxa,"Mxview One Series,Mxview One Central Manager Series",7.1,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2024-09-21T04:07:27.736Z,0
CVE-2024-4641,https://securityvulnerability.io/vulnerability/CVE-2024-4641,OnCell G3470A-LTE Series Firmware Vulnerability,"The OnCell G3470A-LTE Series firmware, particularly versions v1.7.7 and earlier, suffers from a vulnerability due to the improper handling of format strings from external sources. This flaw allows attackers to exploit the system by modifying an externally controlled format string, potentially leading to serious consequences such as memory leaks and subsequent denial of service. Users of affected firmware are recommended to review their systems and apply necessary updates to mitigate the risks associated with this vulnerability.",Moxa,Oncell G3150a-lte Series,9.8,CRITICAL,0.000910000002477318,false,,false,false,false,,,false,false,,2024-06-25T09:23:30.502Z,0
CVE-2024-4640,https://securityvulnerability.io/vulnerability/CVE-2024-4640,Buffer Overflow Vulnerability Affects OnCell G3470A-LTE Series Firmware,"The OnCell G3470A-LTE Series firmware, specifically versions v1.7.7 and prior, has been found to have a vulnerability due to inadequate bounds checking on buffer operations. This oversight allows an attacker to potentially write beyond the limits of allocated buffer regions in memory, which could lead to unexpected program behavior and instability, such as crashes. Organizations utilizing this firmware should be aware of the implications of this vulnerability and take appropriate measures to protect their systems.",Moxa,Oncell G3150a-lte Series,8.2,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-06-25T09:19:08.712Z,0
CVE-2024-4639,https://securityvulnerability.io/vulnerability/CVE-2024-4639,Unauthorized Command Execution Vulnerability in OnCell G3470A-LTE Series Firmware,"The OnCell G3470A-LTE Series from Moxa has a vulnerability stemming from improper handling of user inputs in its IPSec configuration. This oversight allows attackers to manipulate commands sent to critical functions within the device. By exploiting this flaw, malicious actors can execute commands that the device administrator did not intend, potentially compromising the integrity and security of the network environment. Users are advised to update to secure firmware versions to mitigate risks associated with this vulnerability.",Moxa,Oncell G3150a-lte Series,8.8,HIGH,0.0004900000058114529,false,,false,false,false,,,false,false,,2024-06-25T09:15:03.229Z,0
CVE-2024-4638,https://securityvulnerability.io/vulnerability/CVE-2024-4638,OnCell G3470A-LTE Series Firmware Vulnerability,"The Moxa OnCell G3470A-LTE Series firmware suffers from a vulnerability stemming from improper input validation in the web key upload function. This flaw allows an attacker to manipulate intended commands sent to target functions, potentially enabling malicious users to execute unauthorized commands within the system. Affected firmware versions include v1.7.7 and earlier. Users are advised to review security recommendations and apply necessary updates to safeguard their devices.",Moxa,Oncell G3470a-lte Series,8.8,HIGH,0.0004900000058114529,false,,false,false,false,,,false,false,,2024-06-25T08:49:24.910Z,0
CVE-2024-3576,https://securityvulnerability.io/vulnerability/CVE-2024-3576,NPort 5100A Series Affected by Web Server XSS Vulnerability,"The Moxa NPort 5100A Series, specifically firmware versions v1.6 and earlier, is susceptible to a cross-site scripting (XSS) vulnerability within its web server. This flaw arises from inadequate neutralization of user input before it is outputted, creating a pathway for malicious actors to infiltrate the system. By leveraging this vulnerability, attackers may extract sensitive information or escalate their privileges, posing significant security risks to environments utilizing these products.",Moxa,Nport 5100a Series,8.3,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-06T12:04:47.826Z,0
CVE-2024-1220,https://securityvulnerability.io/vulnerability/CVE-2024-1220,Buffer Overflow Vulnerability in Moxa NPort W2150A/W2250A Series Firmware,"The vulnerability relates to a stack-based buffer overflow in the built-in web server of Moxa's NPort W2150A/W2250A Series. This issue exists in firmware versions 2.3 and earlier, allowing remote attackers to send specially crafted payloads to the web service. If successfully exploited, this vulnerability can lead to denial of service, potentially disrupting the normal operation of the affected devices.",Moxa,Nport W2150a/w2250a Series,8.2,HIGH,0.0006099999882280827,false,,false,false,false,,,false,false,,2024-03-06T01:51:19.200Z,0
CVE-2024-0387,https://securityvulnerability.io/vulnerability/CVE-2024-0387,Vulnerability in IP Forwarding Capabilities Could Allow Attacker to Bypass Access Controls or Hide Source of Malicious Requests,The EDS-4000/G4000 Series prior to version 3.2 includes IP forwarding capabilities that users cannot deactivate. An attacker may be able to send requests to the product and have it forwarded to the target. An attacker can bypass access controls or hide the source of malicious requests.,Moxa,"Eds-4008 Series,Eds-4009 Series,Eds-4012 Series,Eds-4014 Series,Eds-g4008 Series,Eds-g4012 Series,Eds-g4014 Series",6.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-02-26T13:26:56.551Z,0
CVE-2023-6094,https://securityvulnerability.io/vulnerability/CVE-2023-6094,OnCell G3150A-LTE Series: Web Server Transmits Cleartext Credentials,"A vulnerability has been identified in OnCell G3150A-LTE Series firmware versions v1.3 and prior. The vulnerability results from lack of protection for sensitive information during transmission. An attacker eavesdropping on the traffic between the web browser and server may obtain sensitive information. This type of attack could be executed to gather sensitive information or to facilitate a subsequent attack against the target. ",Moxa,Oncell G3150a-lte Series,5.3,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2023-12-31T10:15:00.000Z,0
CVE-2023-6093,https://securityvulnerability.io/vulnerability/CVE-2023-6093,OnCell G3150A-LTE Series: Clickjacking Vulnerability,"A clickjacking vulnerability has been identified in OnCell G3150A-LTE Series firmware versions v1.3 and prior. This vulnerability is caused by incorrectly restricted frame objects, which can lead to user confusion about which interface the user is interacting with. This vulnerability may lead the attacker to trick the user into interacting with the application. ",Moxa,OnCell G3150A-LTE Series,5.3,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2023-12-31T10:15:00.000Z,0
CVE-2023-5962,https://securityvulnerability.io/vulnerability/CVE-2023-5962,ioLogik E1200 Series: Weak Cryptographic Algorithm Vulnerability,A weak cryptographic algorithm vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. This vulnerability can help an attacker compromise the confidentiality of sensitive data. This vulnerability may lead an attacker to get unexpected authorization.,Moxa,Iologik E1200 Series,6.5,MEDIUM,0.0006399999838322401,false,,false,false,false,,,false,false,,2023-12-23T09:15:00.000Z,0
CVE-2023-5961,https://securityvulnerability.io/vulnerability/CVE-2023-5961,ioLogik E1200 Series Firmware Vulnerable to CSRF Attacks,"A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the ioLogik E1200 Series firmware, specifically in versions v3.3 and earlier. This security flaw allows an attacker to deceive a client into issuing an unintentional request to the web server. Since the request is processed as if it were a legitimate action by the user, it could enable the attacker to execute operations without the user's consent. It is crucial for users of the affected firmware to take preventive measures to safeguard their systems against potential exploitation.",Moxa,Iologik E1200 Series,8.8,HIGH,0.0007200000109151006,false,,false,false,true,2024-02-01T00:00:16.000Z,true,false,false,,2023-12-23T09:15:00.000Z,0
CVE-2023-4217,https://securityvulnerability.io/vulnerability/CVE-2023-4217,Session cookies attribute not set properly,"A vulnerability has been identified in PT-G503 Series versions prior to v5.2, where the session cookies attribute is not set properly in the affected application. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation. ",Moxa,Pt-g503 Series,3.1,LOW,0.0006300000241026282,false,,false,false,false,,,false,false,,2023-11-02T17:15:00.000Z,0