Moxa Multiple Vulnerabilities
Limited Threat
CVE ID
CVE-2021-37752
CVE-2021-37753
CVE-2021-37755
CVE-2021-37757
CVE-2021-37751
CVE-2021-37754
CVE-2021-37758
CVE-2021-37756
Vunerability Type
Authenticated Command Injection via HTTP
Authentication Bypass via Moxa Service
Plaintext Credential Storage
Unauthenticated Buffer Overflow via Moxa Service
Missing Brute Force Protections for Moxa Service
Valid User Disclosure via Moxa Service
Cross-site Scripting
Unprotected Firmware Update
CVSS3 Score
9.8
9.1
7.5
9.1
7.5
7.5
7.8
8.8
CVSSv3 Vector
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affecting
Mitigation
Contact Moxa's technical support to patch security issue CVE-2021-37756.
12/30/2021