Moxa Nat-102 Series
15 CVEs affecting Moxa Nat-102 Series. Latest disclosed: 2025-10-17. Critical: 2, High: 6.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-9140 | Critical | 9.8 | 2025-01-03 | Moxa’s cellular routers, secure routers, and network security appliances are affected by a critical vulnerability, CVE-2024-9140. This vulnerability allows OS… |
CVE-2024-9137 | Critical | 9.4 | 2024-10-14 | The affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute s… |
CVE-2023-33239 | High | 8.8 | 2023-08-17 | TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. Th… |
CVE-2023-34217 | High | 8.1 | 2023-08-17 | TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. Th… |
CVE-2023-34216 | High | 8.1 | 2023-08-17 | TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. Th… |
CVE-2024-9138 | High | 7.2 | 2025-01-03 | Moxa’s cellular routers, secure routers, and network security appliances are affected by a high-severity vulnerability, CVE-2024-9138. This vulnerability invol… |
CVE-2024-9139 | High | 7.2 | 2024-10-14 | The affected product permits OS command injection through improperly restricted commands, potentially allowing attackers to execute arbitrary code. |
CVE-2023-33238 | High | 7.2 | 2023-08-17 | TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. Th… |
CVE-2025-6950 | | 2025-10-17 | An Use of Hard-coded Credentials vulnerability has been identified in Moxa’s network security appliances and routers. The system employs a hard-coded secret ke… | |
CVE-2025-6949 | | 2025-10-17 | An Execution with Unnecessary Privileges vulnerability has been identified in Moxa’s network security appliances and routers. A critical authorization flaw in… | |
CVE-2025-6894 | | 2025-10-17 | An Execution with Unnecessary Privileges vulnerability has been identified in Moxa’s network security appliances and routers. A flaw in the API authorization l… | |
CVE-2025-6893 | | 2025-10-17 | An Execution with Unnecessary Privileges vulnerability has been identified in Moxa’s network security appliances and routers. A flaw in broken access control h… | |
CVE-2025-6892 | | 2025-10-17 | An Incorrect Authorization vulnerability has been identified in Moxa’s network security appliances and routers. A flaw in the API authentication mechanism allo… | |
CVE-2025-0676 | | 2025-04-02 | This vulnerability involves command injection in tcpdump within Moxa products, enabling an authenticated attacker with console access to exploit improper input… | |
CVE-2025-0415 | | 2025-04-02 | A remote attacker with web administrator privileges can exploit the device’s web interface to execute arbitrary system commands through the NTP settings. Succe… |