Moxa Eds-408a_firmware

13 CVEs affecting Moxa Eds-408a_firmware. Latest disclosed: 2019-04-15. Critical: 5, High: 3.

Top CVEs affecting Moxa Eds-408a_firmware
CVESeverityScorePublishedSummary
CVE-2019-6526Critical9.82019-04-15Moxa IKS-G6824A series Versions 4.5 and prior, EDS-405A series Version 3.8 and prior, EDS-408A series Version 3.8 and prior, and EDS-510A series Version 3.8 an…
CVE-2019-6563Critical9.82019-03-05Moxa IKS and EDS generate a predictable cookie calculated with an MD5 hash, allowing an attacker to capture the administrator's password, which could lead to a…
CVE-2019-6557Critical9.82019-03-05Several buffer overflow vulnerabilities have been identified in Moxa IKS and EDS, which may allow remote code execution.
CVE-2019-6524Critical9.82019-03-05Moxa IKS and EDS do not implement sufficient measures to prevent multiple failed authentication attempts, which may allow an attacker to discover passwords via…
CVE-2019-6522Critical9.12019-03-05Moxa IKS and EDS fails to properly check array bounds which may allow an attacker to read device memory on arbitrary addresses, and may allow an attacker to re…
CVE-2019-6561High8.82019-03-05Cross-site request forgery has been identified in Moxa IKS and EDS, which may allow for the execution of unauthorized actions on the device.
CVE-2019-6520High7.52019-03-05Moxa IKS and EDS does not properly check authority on server side, which results in a read-only user being able to perform arbitrary configuration changes.
CVE-2019-6518High7.52019-03-05Moxa IKS and EDS store plaintext passwords, which may allow sensitive information to be read by someone with access to the device.
CVE-2019-6559Medium6.52019-03-05Moxa IKS and EDS allow remote authenticated users to cause a denial of service via a specially crafted packet, which may cause the switch to crash.
CVE-2019-6565Medium6.12019-03-05Moxa IKS and EDS fails to properly validate user input, giving unauthenticated and authenticated attackers the ability to perform XSS attacks, which may be use…
CVE-2015-64662015-09-11Cross-site scripting (XSS) vulnerability in the Diagnosis Ping feature in the administrative web interface on Moxa EDS-405A and EDS-408A switches with firmware…
CVE-2015-64652015-09-11The GoAhead web server on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote authenticated users to cause a denial of service (reboot)…
CVE-2015-64642015-09-11The administrative web interface on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote authenticated users to bypass a read-only protec…