CVE-2021-46560 – Moxa TN-5900 Post Authentication Command Injection
https://notcve.org/view.php?id=CVE-2021-46560
The firmware on Moxa TN-5900 devices through 3.1 allows command injection that could lead to device damage. Moxa TN-5900 versions 3.1 and below suffer from an issue where a user who has authenticated to the management web application is able to leverage a command injection vulnerability in the p12 processing code of the certificate management function web_CERMGMTUpload. • https://www.moxa.com/en/support/product-support/security-advisory/tn-5900-secure-routers-vulnerabilitiestxt • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-4161 – ICSA-21-357-01 Moxa MGate Protocol Gateways
https://notcve.org/view.php?id=CVE-2021-4161
The affected products contain vulnerable firmware, which could allow an attacker to sniff the traffic and decrypt login credential details. This could give an attacker admin rights through the HTTP web server. • https://www.cisa.gov/uscert/ics/advisories/icsa-21-357-01 • CWE-319: Cleartext Transmission of Sensitive Information
CVE-2021-38460 – Moxa MXview Network Management Software
https://notcve.org/view.php?id=CVE-2021-38460
A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries. • https://us-cert.cisa.gov/ics/advisories/icsa-21-278-03 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-523: Unprotected Transport of Credentials
CVE-2021-38458 – Moxa MXview Network Management Software
https://notcve.org/view.php?id=CVE-2021-38458
A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries. • https://us-cert.cisa.gov/ics/advisories/icsa-21-278-03 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2021-38454 – Moxa MXview Network Management Software
https://notcve.org/view.php?id=CVE-2021-38454
A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries. • https://us-cert.cisa.gov/ics/advisories/icsa-21-278-03 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-284: Improper Access Control