Moxa Tn-G4500 Series vulnerabilities

CVE-2025-1679 [MEDIUM] CWE-79 CVE-2025-1679: Cross-site Scripting has been identified in Moxa’s Ethernet switches, which allows an authenticated Cross-site Scripting has been identified in Moxa’s Ethernet switches, which allows an authenticated administrative attacker to inject malicious scripts to an affected device’s web service that could impact authenticated users interacting with the device’s web interface. This vulnerability is classified as stored cross-site scripting (XSS); attackers inj

CVE-2025-1680 [NONE] CWE-349 CVE-2025-1680: An acceptance of extraneous untrusted data with trusted data vulnerability has been identified in Mo An acceptance of extraneous untrusted data with trusted data vulnerability has been identified in Moxa’s Ethernet switches, which allows attackers with administrative privileges to manipulate HTTP Host headers by injecting a specially crafted Host header into HTTP requests sent to an affected device’s web service. This vulnerability is classified as Hos

CVE-2024-7695 [HIGH] CWE-787 CVE-2024-7695: Multiple switches are affected by an out-of-bounds write vulnerability. This vulnerability is caused Multiple switches are affected by an out-of-bounds write vulnerability. This vulnerability is caused by insufficient input validation, which allows data to be written to memory outside the bounds of the buffer. Successful exploitation of this vulnerability could result in a denial-of-service attack.

CVE-2024-9137 [HIGH] CWE-306 CVE-2024-9137: The affected product lacks an authentication check when sending commands to the server via the Moxa The affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration files and system compromise.