CVSS: 8.7EPSS: 0%CPEs: 49EXPL: 0CVE-2024-7695 – Out-of-bounds Write Vulnerability
https://notcve.org/view.php?id=CVE-2024-7695
29 Jan 2025 — Multiple switches are affected by an out-of-bounds write vulnerability. This vulnerability is caused by insufficient input validation, which allows data to be written to memory outside the bounds of the buffer. Successful exploitation of this vulnerability could result in a denial-of-service attack. This vulnerability poses a significant remote threat if the affected products are exposed to publicly accessible networks. Attackers could potentially disrupt operations by shutting down the affected systems. • https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240162-cve-2024-7695-out-of-bounds-write-vulnerability-identified-in-multiple-pt-switches • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12297 – Frontend Authorization Logic Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-12297
15 Jan 2025 — Moxa’s Ethernet switch EDS-508A Series, running firmware version 3.11 and earlier, is vulnerable to an authentication bypass because of flaws in its authorization mechanism. Although both client-side and back-end server verification are involved in the process, attackers can exploit weaknesses in its implementation. These vulnerabilities may enable brute-force attacks to guess valid credentials or MD5 collision attacks to forge authentication hashes, potentially compromising the security of the device. El c... • https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241407-cve-2024-12297-frontend-authorization-logic-disclosure-vulnerability-in-eds-508a-series • CWE-656: Reliance on Security Through Obscurity •
CVSS: 8.7EPSS: 0%CPEs: 47EXPL: 0CVE-2024-9404 – Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-9404
04 Dec 2024 — Moxa’s IP Cameras are affected by a medium-severity vulnerability, CVE-2024-9404, which could lead to a denial-of-service condition or cause a service crash. This vulnerability allows attackers to exploit the Moxa service, commonly referred to as moxa_cmd, originally designed for deployment. Because of insufficient input validation, this service may be manipulated to trigger a denial-of-service. This vulnerability poses a significant remote threat if the affected products are exposed to publicly accessible ... • https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240930-cve-2024-9404-denial-of-service-vulnerability-identified-in-the-vport-07-3-series • CWE-1287: Improper Validation of Specified Type of Input •
CVSS: 9.7EPSS: 0%CPEs: 60EXPL: 0CVE-2024-9137 – Moxa Service Missing Authentication for Critical Function
https://notcve.org/view.php?id=CVE-2024-9137
14 Oct 2024 — The affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration files and system compromise. El producto afectado carece de una comprobación de autenticación al enviar comandos al servidor a través del servicio Moxa. Esta vulnerabilidad permite a un atacante ejecutar comandos específicos, lo que puede provocar descargas o ... • https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241154-missing-authentication-and-os-command-injection-vulnerabilities-in-routers-and-network-security-appliances • CWE-306: Missing Authentication for Critical Function •