
CVSS: 7.8 • EPSS: 0% • CPEs: 12 • EXPL: 0

18 Feb 2022 — Moxa TN-5900 v3.1 series routers, MGate 5109 v2.2 series protocol gateways, and MGate 5101-PBM-MN v2.1 series protocol gateways were discovered to contain a memory leak which allows attackers to cause a Denial of Service (DoS) via crafted packets. • https://www.moxa.com/en/support/product-support/security-advisory/mgate-5109-5101-protocol-gateways-vulnerability • CWE-401: Missing Release of Memory after Effective Lifetime

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 1

26 Jan 2022 — The firmware on Moxa TN-5900 devices through 3.1 has a weak algorithm that allows an attacker to defeat an inspection mechanism for integrity protection. Moxa TN-5900 versions 3.1.0 and below use an insecure method to validate firmware updates. A malicious user with access to the management interface can upload arbitrary... • https://packetstorm.news/files/id/165786 • CWE-345: Insufficient Verification of Data Authenticity

CVSS: 9.8 • EPSS: 2% • CPEs: 2 • EXPL: 1

26 Jan 2022 — The firmware on Moxa TN-5900 devices through 3.1 allows command injection that could lead to device damage. Moxa TN-5900 versions 3.1 and below suffer from an issue where a user who has authenticated to the management web application is able to leverage a command injection vulnerability in the p12 processing code of the certificate management function web_CERMGMT... • https://packetstorm.news/files/id/165787 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: 6 • EXPL: 0

27 Dec 2021 — The affected products contain vulnerable firmware, which could allow an attacker to sniff the traffic and decrypt login credential details. This could give an attacker admin rights through the HTTP web server. • https://www.cisa.gov/uscert/ics/advisories/icsa-21-357-01 • CWE-319: Cleartext Transmission of Sensitive Information

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

12 Oct 2021 — A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries. • https://us-cert.cisa.gov/ics/advisories/icsa-21-278-03 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-523: Unprotected Transport of Credentials

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

12 Oct 2021 — A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries. • https://us-cert.cisa.gov/ics/advisories/icsa-21-278-03 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

12 Oct 2021 — A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries. • https://us-cert.cisa.gov/ics/advisories/icsa-21-278-03 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-284: Improper Access Control

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

12 Oct 2021 — A use of hard-coded password vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to gain access through accounts using default passwords. • https://us-cert.cisa.gov/ics/advisories/icsa-21-278-03 • CWE-259: Use of Hard-coded Password • CWE-798: Use of Hard-coded Credentials

CVSS: 9.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

12 Oct 2021 — A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries. • https://us-cert.cisa.gov/ics/advisories/icsa-21-278-03 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 6.1 • EPSS: 0% • CPEs: 24 • EXPL: 2

01 Sep 2021 — Certain MOXA devices allow reflected XSS via the Config Import menu. This affects WAC-2004 1.7, WAC-1001 2.1, WAC-1001-T 2.1, OnCell G3470A-LTE-EU 1.7, OnCell G3470A-LTE-EU-T 1.7, TAP-323-EU-CT-T 1.3, TAP-323-US-CT-T 1.3, TAP-323-JP-CT-T 1.3, WDR-3124A-EU 2.3, WDR-3124A-EU-T 2.3, WDR-3124A-US 2.3, and WDR-3124A-US-T 2.3. • https://packetstorm.news/files/id/164014 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')