CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-32970 – Moxa NPort IAW5000A-I/O Series Serial Device Server Improper Input Validation
https://notcve.org/view.php?id=CVE-2021-32970
Data can be copied without validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier, which may allow a remote attacker to cause denial-of-service conditions. Los datos pueden ser copiados sin ser comprobados en el servidor web incorporado en la serie Moxa NPort IAW5000A-I/O firmware versión 2.2 o anterior, lo que puede permitir a un atacante remoto causar condiciones de denegación de servicio • https://www.cisa.gov/uscert/ics/advisories/icsa-21-187-01 https://www.moxa.com/en/support/product-support/security-advisory/nport-iaw5000a-io-serial-device-server-vulnerabilities • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 8EXPL: 0CVE-2021-32974 – Moxa NPort IAW5000A-I/O Series Serial Device Server Improper Input Validation
https://notcve.org/view.php?id=CVE-2021-32974
Improper input validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier may allow a remote attacker to execute commands. Una comprobación inapropiada de la entrada en el servidor web incorporado en la serie Moxa NPort IAW5000A-I/O firmware versión 2.2 o anterior puede permitir a un atacante remoto ejecutar comandos • https://www.cisa.gov/uscert/ics/advisories/icsa-21-187-01 https://www.moxa.com/en/support/product-support/security-advisory/nport-iaw5000a-io-serial-device-server-vulnerabilities • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-32968 – Moxa NPort IAW5000A-I/O Series Serial Device Server Classic Buffer Overflow
https://notcve.org/view.php?id=CVE-2021-32968
Two buffer overflows in the built-in web server in Moxa NPort IAW5000A-I/O Series firmware version 2.2 or earlier may allow a remote attacker to cause a denial-of-service condition. Dos desbordamientos de búfer en el servidor web incorporado en la serie Moxa NPort IAW5000A-I/O firmware versión 2.2 o anterior, pueden permitir a un atacante remoto causar una condición de denegación de servicio • https://www.cisa.gov/uscert/ics/advisories/icsa-21-187-01 https://www.moxa.com/en/support/product-support/security-advisory/nport-iaw5000a-io-serial-device-server-vulnerabilities • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2021-46082
https://notcve.org/view.php?id=CVE-2021-46082
Moxa TN-5900 v3.1 series routers, MGate 5109 v2.2 series protocol gateways, and MGate 5101-PBM-MN v2.1 series protocol gateways were discovered to contain a memory leak which allows attackers to cause a Denial of Service (DoS) via crafted packets. Se ha detectado que los enrutadores de la serie Moxa TN-5900 versión v3.1, las pasarelas de protocolo de la serie MGate 5109 versión v2.2 y las pasarelas de protocolo de la serie MGate 5101-PBM-MN versión v2.1, contienen una pérdida de memoria que permite a atacantes causar una denegación de servicio (DoS) por medio de paquetes diseñados • https://www.moxa.com/en/support/product-support/security-advisory/mgate-5109-5101-protocol-gateways-vulnerability https://www.moxa.com/en/support/product-support/security-advisory/tn-5900-secure-routers-vulnerability • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-46559 – Moxa TN-5900 Firmware Upgrade Checksum Validation
https://notcve.org/view.php?id=CVE-2021-46559
The firmware on Moxa TN-5900 devices through 3.1 has a weak algorithm that allows an attacker to defeat an inspection mechanism for integrity protection. El firmware de los dispositivos Moxa TN-5900 versiones hasta 3.1, presenta un algoritmo débil que permite a un atacante vencer un mecanismo de inspección para la protección de la integridad Moxa TN-5900 versions 3.1.0 and below use an insecure method to validate firmware updates. A malicious user with access to the management interface can upload arbitrary code in a crafted • https://www.moxa.com/en/support/product-support/security-advisory/tn-5900-secure-routers-vulnerabilities • CWE-345: Insufficient Verification of Data Authenticity •