Moxa Eds-408a Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Moxa Eds-408a Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (13)
CVE-2019-6524 — CVSS 9.8 (critical): Moxa IKS and EDS do not implement sufficient measures to prevent multiple failed authentication attempts, which may allow an attacker to…
CVE-2019-6563 — CVSS 9.8 (critical): Moxa IKS and EDS generate a predictable cookie calculated with an MD5 hash, allowing an attacker to capture the administrator's password…
CVE-2019-6557 — CVSS 9.8 (critical): Several buffer overflow vulnerabilities have been identified in Moxa IKS and EDS, which may allow remote code execution.
CVE-2019-6526 — CVSS 9.8 (critical): Moxa IKS-G6824A series Versions 4.5 and prior, EDS-405A series Version 3.8 and prior, EDS-408A series Version 3.8 and prior, and EDS-510A…
CVE-2019-6522 — CVSS 9.1 (critical): Moxa IKS and EDS fails to properly check array bounds which may allow an attacker to read device memory on arbitrary addresses, and may…
CVE-2019-6561 — CVSS 8.8 (high): Cross-site request forgery has been identified in Moxa IKS and EDS, which may allow for the execution of unauthorized actions on the device.
CVE-2015-6464 — CVSS 8.5 (high): The administrative web interface on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote authenticated users to…
CVE-2019-6520 — CVSS 7.5 (high): Moxa IKS and EDS does not properly check authority on server side, which results in a read-only user being able to perform arbitrary…
CVE-2019-6518 — CVSS 7.5 (high): Moxa IKS and EDS store plaintext passwords, which may allow sensitive information to be read by someone with access to the device.
CVE-2015-6465 — CVSS 6.8 (medium): The GoAhead web server on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote authenticated users to cause a denial…
CVE-2019-6559 — CVSS 6.5 (medium): Moxa IKS and EDS allow remote authenticated users to cause a denial of service via a specially crafted packet, which may cause the switch…
CVE-2019-6565 — CVSS 6.1 (medium): Moxa IKS and EDS fails to properly validate user input, giving unauthenticated and authenticated attackers the ability to perform XSS…
CVE-2015-6466 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the Diagnosis Ping feature in the administrative web interface on Moxa EDS-405A and EDS-408A…