Security Advisory

Moxa Multiple Vulnerabilities

Risk Information

Limited Threat

CVE ID

CVE-2021-37752

CVE-2021-37753

CVE-2021-37755

CVE-2021-37757

CVE-2021-37751

CVE-2021-37754

CVE-2021-37758

CVE-2021-37756

Vunerability Type

Authenticated Command Injection via HTTP

Authentication Bypass via Moxa Service

Plaintext Credential Storage

Unauthenticated Buffer Overflow via Moxa Service

Missing Brute Force Protections for Moxa Service

Valid User Disclosure via Moxa Service

Cross-site Scripting

Unprotected Firmware Update

CVSS3 Score

9.8

9.1

7.5

9.1

7.5

7.8

8.8

CVSSv3 Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affecting

TAP-213 Series: v1.2 and prior

OnCell G3150A: v1.5 and prior

OnCell G3470A: v1.7 and prior

WDR-3124A: v1.3 and prior

AWK-3131A: v1.16 and prior

AWK-4131A: v1.16 and prior

AWK-1131A: v1.22 and prior

AWK-1137C: v1.6 and prior

Mitigation

Contact Moxa's technical support to patch security issue CVE-2021-37756.

12/30/2021

Free OT Cybersecurity Quick Start Guide for IT

Free OT Cybersecurity Quick Start Guide for IT

Free OT Cybersecurity Quick Start Guide for IT

Dragos 2025 OT Cybersecurity Year in Review

Dragos 2025 OT Cybersecurity Year in Review

Moxa Multiple Vulnerabilities

Affecting

Mitigation