An acceptance of extraneous untrusted data with trusted data vulnerability has been identified in Moxa’s Ethernet switches, which allows attackers with administrative privileges to manipulate HTTP Hos
An Execution with Unnecessary Privileges vulnerability has been identified in Moxa’s network security appliances and routers. A flaw in broken access control has been identified in the /api/v1/setting
Cross-site Scripting has been identified in Moxa’s Ethernet switches, which allows an authenticated administrative attacker to inject malicious scripts to an affected device’s web service that could i
An Execution with Unnecessary Privileges vulnerability has been identified in Moxa’s network security appliances and routers. A flaw in the API authorization logic of the affected device allows an aut
An Incorrect Authorization vulnerability has been identified in Moxa’s network security appliances and routers. A flaw in the API authentication mechanism allows unauthorized access to protected API e
An improper handling of the length parameter inconsistency vulnerability has been identified in Moxa’s Secure Router. Because of improper validation of length parameters in the HTTPS management interf
An Execution with Unnecessary Privileges vulnerability has been identified in Moxa’s network security appliances and routers. A critical authorization flaw in the API allows an authenticated, low-priv
Moxa’s Ethernet switch is vulnerable to an authentication bypass because of flaws in its authorization mechanism. Although both client-side and back-end server verification are involved in the process
An improper ownership management vulnerability has been identified in Moxa’s Secure Router. Because of improper ownership management, a low-privileged authenticated user may access a configuration fil
This vulnerability involves command injection in tcpdump within Moxa products, enabling an authenticated attacker with console access to exploit improper input validation to inject and execute systems
An Use of Hard-coded Credentials vulnerability has been identified in Moxa’s network security appliances and routers. The system employs a hard-coded secret key to sign JSON Web Tokens (JWT) used for
The NPort 6100-G2/6200-G2 Series is affected by an execution with unnecessary privileges vulnerability (CVE-2025-1977) that allows an authenticated user with read-only access to perform unauthorized c
Nagios XI versions prior to 2024R1.2.2 contain a host header injection vulnerability. The application trusts the user-supplied HTTP Host header when constructing absolute URLs without sufficient valid
A vulnerability, which was classified as problematic, was found in Trimble SPS851 488.01. This affects an unknown part of the component Ethernet Configuration Menu. The manipulation of the argument Ho
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative write privileges to conduc
An exposed IOCTL with an insufficient access control vulnerability has been identified in the utility, MxGeneralIo, for Moxa’s industrial x86 computers. The affected utility, MxGeneralIo, exposes IOC
Post-authenticated external control of system web interface configuration setting vulnerability in Danfoss AK-SM8xxA Series prior to 4.3.1, which could allow for a denial of service attack induced by
An authenticated parameter injection vulnerability exists in the web-based management interface of the AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated user to
An Unquoted Search Path vulnerability has been identified in the utility for Moxa’s industrial computers (Windows). Due to the unquoted path configuration in the SerialInterfaceService.exe utility, a
A vulnerability in the web-based Cisco IOx application hosting environment management interface of Cisco IOS XE Software could allow an authenticated, remote attacker to conduct a stored cross-site sc
Page 1+ Next →