Moxa Mxsecurity Series vulnerabilities

10 known vulnerabilities affecting moxa/mxsecurity_series.

Total CVEs: 10
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 5, MEDIUM 3

Vulnerabilities

CVE-2025-9315 | MEDIUM | CVSS 6.3 | ≥ 1.0, ≤ 2.3.0 | 2025-12-10
CVE-2025-9315 [MEDIUM] CWE-915: An unauthenticated device registration vulnerability, caused by Improperly Controlled Modification of Dynamically-Determined Object Attributes, has been identified in the MXsecurity Series. An unauthenticated remote attacker can exploit this vulnerability by sending a specially crafted JSON payload to the device's registration endpoint /api/v1/devices
Sources: cvelistv5, nvd
CVE-2024-4739 | HIGH | CVSS 7.5 | ≥ 1.0, ≤ 1.1.0 | 2024-10-18
CVE-2024-4739 [MEDIUM] CWE-749: The lack of access restriction to a resource from unauthorized users makes MXsecurity software versions v1.1.0 and prior vulnerable. By acquiring a valid authenticator, an attacker can pose as an authorized user and successfully access the resource.
Sources: cvelistv5, nvd
CVE-2024-4740 | HIGH | CVSS 7.5 | ≥ 1.0, ≤ 1.1.0 | 2024-10-18
CVE-2024-4740 [MEDIUM] CWE-798: MXsecurity software versions v1.1.0 and prior are vulnerable because of the use of hard-coded credentials. This vulnerability could allow an attacker to tamper with sensitive data.
Sources: cvelistv5, nvd
CVE-2023-39979 | CRITICAL | CVSS 9.8 | ≥ 1.0, ≤ 1.0.1 | 2023-09-02
CVE-2023-39979 [CRITICAL] CWE-334: There is a vulnerability in MXsecurity versions prior to 1.0.1 that can be exploited to bypass authentication. A remote attacker might access the system if the web service authenticator has insufficient random values.
Sources: cvelistv5, nvd
CVE-2023-39980 | HIGH | CVSS 8.1 | ≥ 1.0, ≤ 1.0.1 | 2023-09-02
CVE-2023-39980 [HIGH] CWE-89: A vulnerability that allows the unauthorized disclosure of authenticated information has been identified in MXsecurity versions prior to v1.0.1. This vulnerability arises when special elements are not neutralized correctly, allowing remote attackers to alter SQL commands.
Sources: cvelistv5, nvd
CVE-2023-39981 | HIGH | CVSS 7.5 | ≥ 1.0, ≤ 1.0.1 | 2023-09-02
CVE-2023-39981 [HIGH] CWE-306: A vulnerability that allows for unauthorized access has been discovered in MXsecurity versions prior to v1.0.1. This vulnerability arises from inadequate authentication measures, potentially leading to the disclosure of device information by a remote attacker.
Sources: cvelistv5, nvd
CVE-2023-39983 | MEDIUM | CVSS 5.3 | ≥ 1.0, ≤ 1.0.1 | 2023-09-02
CVE-2023-39983 [MEDIUM] CWE-915: A vulnerability that poses a potential risk of polluting the MXsecurity sqlite database and the nsm-web UI has been identified in MXsecurity versions prior to v1.0.1. This vulnerability might allow an unauthenticated remote attacker to register or add devices via the nsm-web application.
Sources: cvelistv5, nvd
CVE-2023-39982 | MEDIUM | CVSS 5.9 | ≥ 1.0, ≤ 1.0.1 | 2023-09-02
CVE-2023-39982 [HIGH] CWE-321: A vulnerability has been identified in MXsecurity versions prior to v1.0.1. The vulnerability may put the confidentiality and integrity of SSH communications at risk on the affected device. This vulnerability is attributed to a hard-coded SSH host key, which might facilitate man-in-the-middle attacks and enable the decryption of SSH traffic.
Sources: cvelistv5, nvd
CVE-2023-33236 | CRITICAL | CVSS 9.8 | v1.0 | 2023-05-22
CVE-2023-33236 [CRITICAL] CWE-798: MXsecurity version 1.0 is vulnerable to hardcoded credential vulnerability. This vulnerability has been reported that can be exploited to craft arbitrary JWT tokens and subsequently bypass authentication for web-based APIs.
Sources: cvelistv5, nvd
CVE-2023-33235 | HIGH | CVSS 8.8 | v1.0 | 2023-05-22
CVE-2023-33235 [HIGH] CWE-77: MXsecurity version 1.0 is vulnerable to command injection vulnerability. This vulnerability has been reported in the SSH CLI program, which can be exploited by attackers who have gained authorization privileges. The attackers can break out of the restricted shell and subsequently execute arbitrary code.
Sources: cvelistv5, nvd