cbcvebase.

Moxa Nport Iaw5000A-I O vulnerabilities

6 known vulnerabilities affecting moxa/nport_iaw5000a-i_o.

Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH3MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2020-25190CRITICALCVSS 9.8≥ unspecified, ≤ Version 2.12020-12-23
CVE-2020-25190 [CRITICAL] CWE-319 CVE-2020-25190: The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower stores and transmi The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower stores and transmits the credentials of third-party services in cleartext.
nvd
CVE-2020-25196CRITICALCVSS 9.8≥ unspecified, ≤ Version 2.12020-12-23
CVE-2020-25196 [CRITICAL] CWE-307 CVE-2020-25196: The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows SSH/Telnet The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows SSH/Telnet sessions, which may be vulnerable to brute force attacks to bypass authentication.
nvd
CVE-2020-25153HIGHCVSS 7.5≥ unspecified, ≤ Version 2.12020-12-23
CVE-2020-25153 [HIGH] CWE-521 CVE-2020-25153: The built-in web service for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower does not require The built-in web service for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower does not require users to have strong passwords.
nvd
CVE-2020-25198HIGHCVSS 8.8≥ unspecified, ≤ Version 2.12020-12-23
CVE-2020-25198 [HIGH] CWE-384 CVE-2020-25198: The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower has incorrectly im The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower has incorrectly implemented protections from session fixation, which may allow an attacker to gain access to a session and hijack it by stealing the user’s cookies.
nvd
CVE-2020-25194HIGHCVSS 8.8≥ unspecified, ≤ Version 2.12020-12-23
CVE-2020-25194 [HIGH] CWE-269 CVE-2020-25194: The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower has improper privi The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower has improper privilege management, which may allow an attacker with user privileges to perform requests with administrative privileges.
nvd
CVE-2020-25192MEDIUMCVSS 5.3≥ unspecified, ≤ Version 2.12020-12-23
CVE-2020-25192 [MEDIUM] CWE-200 CVE-2020-25192: The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows sensitive i The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows sensitive information to be displayed without proper authorization.
nvd