CVSS: 8.7EPSS: 0%CPEs: 49EXPL: 0CVE-2024-7695 – Out-of-bounds Write Vulnerability
https://notcve.org/view.php?id=CVE-2024-7695
29 Jan 2025 — Multiple switches are affected by an out-of-bounds write vulnerability. This vulnerability is caused by insufficient input validation, which allows data to be written to memory outside the bounds of the buffer. Successful exploitation of this vulnerability could result in a denial-of-service attack. This vulnerability poses a significant remote threat if the affected products are exposed to publicly accessible networks. Attackers could potentially disrupt operations by shutting down the affected systems. • https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240162-cve-2024-7695-out-of-bounds-write-vulnerability-identified-in-multiple-pt-switches • CWE-787: Out-of-bounds Write •
CVSS: 8.7EPSS: 0%CPEs: 47EXPL: 0CVE-2024-9404 – Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-9404
04 Dec 2024 — Moxa’s IP Cameras are affected by a medium-severity vulnerability, CVE-2024-9404, which could lead to a denial-of-service condition or cause a service crash. This vulnerability allows attackers to exploit the Moxa service, commonly referred to as moxa_cmd, originally designed for deployment. Because of insufficient input validation, this service may be manipulated to trigger a denial-of-service. This vulnerability poses a significant remote threat if the affected products are exposed to publicly accessible ... • https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240930-cve-2024-9404-denial-of-service-vulnerability-identified-in-the-vport-07-3-series • CWE-1287: Improper Validation of Specified Type of Input •
CVSS: 9.7EPSS: 0%CPEs: 60EXPL: 0CVE-2024-9137 – Moxa Service Missing Authentication for Critical Function
https://notcve.org/view.php?id=CVE-2024-9137
14 Oct 2024 — The affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration files and system compromise. El producto afectado carece de una comprobación de autenticación al enviar comandos al servidor a través del servicio Moxa. Esta vulnerabilidad permite a un atacante ejecutar comandos específicos, lo que puede provocar descargas o ... • https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241154-missing-authentication-and-os-command-injection-vulnerabilities-in-routers-and-network-security-appliances • CWE-306: Missing Authentication for Critical Function •