VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-202003-1665 CVE-2020-6993 Moxa PT-7528 and PT-7828 Information leakage vulnerability in series firmware CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, an attacker can gain access to sensitive information from the web service without authorization. Moxa PT-7528 and PT-7828 Series are both Ethernet switches manufactured by Moxa. Attackers can use this vulnerability to obtain sensitive information
VAR-202003-1674 CVE-2020-7007 Moxa EDS-G516E Out-of-bounds write vulnerabilities in series firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the attacker may execute arbitrary codes or target the device, causing it to go out of service. Moxa EDS-G516E A series firmware contains a vulnerability related to out-of-bounds writing.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Moxa EDS-G516E and EDS-510E series are Ethernet switches manufactured by Moxa
VAR-202003-0528 CVE-2019-9096 plural Moxa MGate Vulnerability in requesting weak passwords on devices CVSS V2: 5.0
CVSS V3: 9.8
Severity: CRITICAL
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. Insufficient password requirements for the MGate web application may allow an attacker to gain access by brute-forcing account passwords. plural Moxa MGate The device is vulnerable to a weak password request.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Moxa MB3170/MB3270/MB3180/MB3280/MB3480/MB3660 series is an advanced Ethernet gateway device produced by Taiwan Moxa Technology Co., Ltd. Many Moxa products have weak password vulnerabilities. Attackers can use this vulnerability to gain access through brute force attacks
VAR-202003-1608 CVE-2020-6985 Moxa PT-7528 and PT-7828 Vulnerability in using hard-coded credentials in series firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, these devices use a hard-coded service code for access to the console. (DoS) It may be put into a state. Moxa PT-7528 and PT-7828 Series are both Ethernet switches manufactured by Moxa
VAR-202003-1666 CVE-2020-6995 Moxa PT-7528 and PT-7828 Vulnerability in requesting weak passwords in series firmware CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the application utilizes weak password requirements, which may allow an attacker to gain unauthorized access. Moxa PT-7528 and PT-7828 The series firmware contains a vulnerability related to the request for a weak password.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Moxa PT-7528 and PT-7828 Series are both Ethernet switches manufactured by Moxa
VAR-202003-0527 CVE-2019-9095 plural Moxa MGate Inadequate protection of credentials on devices CVSS V2: 5.0
CVSS V3: 9.8
Severity: CRITICAL
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. An attacker may be able to intercept weakly encrypted passwords and gain administrative access. plural Moxa MGate Devices contain vulnerabilities in insufficient protection of credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Moxa MB3170/MB3270/MB3180/MB3280/MB3480/MB3660 series is an advanced Ethernet gateway device produced by Taiwan Moxa Technology Co., Ltd. Many Moxa products have weak encryption algorithm vulnerabilities that attackers can use to obtain sensitive information
VAR-202003-1614 CVE-2020-6991 Moxa EDS-G516E Vulnerability in requesting weak passwords in series firmware CVSS V2: 5.0
CVSS V3: 9.8
Severity: CRITICAL
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, weak password requirements may allow an attacker to gain access using brute force. Moxa EDS-G516E The series firmware contains a vulnerability related to the request for a weak password.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Moxa EDS-G516E and EDS-510E series are Ethernet switches manufactured by Moxa. Moxa's EDS-G516E and EDS-510E series have weak password vulnerabilities. Attackers can use this vulnerability to obtain sensitive information
VAR-202003-0535 CVE-2019-9104 plural Moxa MGate Inadequate protection of credentials on devices CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. The application's configuration file contains parameters that represent passwords in cleartext. plural Moxa MGate Devices contain vulnerabilities in insufficient protection of credentials.Information may be obtained. Moxa MB3170/MB3270/MB3180/MB3280/MB3480/MB3660 series is an advanced Ethernet gateway device produced by Taiwan Moxa Technology Co., Ltd. Many Moxa products have information disclosure vulnerabilities that attackers can use to access administrative accounts
VAR-202003-1601 CVE-2020-6983 Moxa PT-7528 and PT-7828 Vulnerability in using hard-coded credentials in series firmware CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the affected products use a hard-coded cryptographic key, which increases the possibility that confidential data can be recovered. Moxa PT-7528 and PT-7828 Series are both Ethernet switches manufactured by Moxa
VAR-202003-0531 CVE-2019-9099 plural Moxa MGate Classic buffer overflow vulnerability in device CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. A Buffer overflow in the built-in web server allows remote attackers to initiate DoS, and probably to execute arbitrary code (issue 1 of 2). plural Moxa MGate A classic buffer overflow vulnerability exists on the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Moxa MGate MB3170, etc. are all products of Moxa Company in Taiwan, China. Moxa MGate MB3170 is a MB3170 series Ethernet gateway product. Moxa MGate MB3270 is a MB3270 series Ethernet gateway product. Moxa MGate MB3280 is a MB3280 series Ethernet gateway product. An attacker can use this vulnerability to cause a denial of service or execute arbitrary code
VAR-202003-1667 CVE-2020-6997 Moxa EDS-G516E Vulnerability in plaintext transmission of critical information in series firmware CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, sensitive information is transmitted over some web applications in cleartext. Moxa EDS-G516E and EDS-510E series are Ethernet switches manufactured by Moxa. An attacker can use this vulnerability to obtain sensitive information
VAR-202003-0598 CVE-2019-6560 plural Auto-Maskin Product password management vulnerabilities CVSS V2: 6.4
CVSS V3: 9.1
Severity: CRITICAL
In Auto-Maskin RP210E Versions 3.7 and prior, DCU210E Versions 3.7 and prior and Marine Observer Pro (Android App), the software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak. Auto-Maskin is a set of firmware that controls Norwegian marine diesel engines. Auto-Maskin RP210E forgets that there is a security vulnerability in the password mechanism. A remote attacker can use this vulnerability to submit a special request to change the password of any user
VAR-202003-0534 CVE-2019-9103 plural Moxa MGate Information leakage vulnerabilities in devices CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. An attacker can access sensitive information (e.g., conduct username disclosure attacks) on the built-in WEB-service without authorization. plural Moxa MGate The device contains a vulnerability related to information leakage.Information may be obtained. Moxa MB3170/MB3270/MB3180/MB3280/MB3480/MB3660 series is an advanced Ethernet gateway device produced by Taiwan Moxa Technology Co., Ltd. Many Moxa products have information disclosure vulnerabilities
VAR-202003-0532 CVE-2019-9101 plural Moxa MGate Vulnerability in plaintext transmission of critical information on devices CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. Sensitive information is sent to the web server in cleartext, which may allow an attacker to discover the credentials if they are able to observe traffic between the web browser and the server. plural Moxa MGate The device contains a vulnerability in the transmission of important information in clear text.Information may be obtained. Moxa MB3170/MB3270/MB3180/MB3280/MB3480/MB3660 series is an advanced Ethernet gateway device produced by Taiwan Moxa Technology Co., Ltd
VAR-202003-1599 CVE-2020-6981 Moxa EDS-G516E Vulnerability in using hard-coded credentials in series firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, an attacker may gain access to the system without proper authentication. Moxa EDS-G516E A vulnerability exists in the series firmware regarding the use of hard-coded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Moxa EDS-G516E and EDS-510E series are Ethernet switches manufactured by Moxa
VAR-202003-0529 CVE-2019-9097 plural Moxa MGate Vulnerabilities in devices CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. A high rate of transit traffic may cause a low-memory condition and a denial of service. plural Moxa MGate An unspecified vulnerability exists in the device.Service operation interruption (DoS) It may be put into a state. Moxa MB3170/MB3270/MB3180/MB3280/MB3480/MB3660 series is an advanced Ethernet gateway device produced by Taiwan Moxa Technology Co., Ltd. A number of Moxa products have security vulnerabilities that attackers can use to create a temporary denial of service
VAR-202003-1669 CVE-2020-7001 Moxa EDS-G516E Vulnerability in using cryptographic algorithms in series firmware CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected products use a weak cryptographic algorithm, which may allow confidential information to be disclosed. Moxa EDS-G516E and EDS-510E series are Ethernet switches manufactured by Moxa. Moxa's EDS-G516E and EDS-510E series have weak cryptographic algorithm vulnerabilities. Attackers can use this vulnerability to obtain sensitive information
VAR-202003-0530 CVE-2019-9098 plural Moxa MGate Integer overflow vulnerability in device CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. An Integer overflow in the built-in web server allows remote attackers to initiate DoS. plural Moxa MGate The device is vulnerable to integer overflow.Service operation interruption (DoS) It may be put into a state. Moxa MB3170/MB3270/MB3180/MB3280/MB3480/MB3660 series is an advanced Ethernet gateway device produced by Taiwan Moxa Technology Co., Ltd
VAR-202003-0533 CVE-2019-9102 plural Moxa MGate Cross-site request forgery vulnerability in device CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. A predictable mechanism of generating tokens allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism. plural Moxa MGate A cross-site request forgery vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Moxa MB3170/MB3270/MB3180/MB3280/MB3480/MB3660 series is an advanced Ethernet gateway device produced by Taiwan Moxa Technology Co., Ltd. Many Moxa products have cross-site request forgery vulnerabilities
VAR-202003-1610 CVE-2020-6987 Moxa PT-7528 and PT-7828 Vulnerability in using cryptographic algorithms in series firmware CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the affected products use a weak cryptographic algorithm, which may allow confidential information to be disclosed. Moxa PT-7528 and PT-7828 Series are both Ethernet switches manufactured by Moxa. Attackers can use this vulnerability to obtain sensitive information