Moxa Security Vulnerabilities (CVEs)
Track 39 security vulnerabilities affecting Moxa products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
This CVE describes a physical attack vulnerability in Moxa industrial computers where an attacker with invasive physical access can capture TPM commun...
Feb 5, 2026This vulnerability allows attackers with physical access to Moxa industrial computers to access the bootloader menu using a device-unique password. Th...
Feb 5, 2026MXsecurity software versions v1.1.0 and prior contain hard-coded credentials that could allow attackers to access and tamper with sensitive data. This...
Oct 18, 2024This CVE describes a Time-of-Check Time-of-Use (TOCTOU) race condition vulnerability in Moxa's MXview One and MXview One Central Manager series. Attac...
Sep 21, 2024This vulnerability allows attackers with local access to read or modify configuration files containing cleartext credentials. This affects Moxa MXview...
Sep 21, 2024OnCell G3470A-LTE Series devices with firmware v1.7.7 and earlier have a buffer overflow vulnerability due to missing bounds checking. An attacker cou...
Jun 25, 2024CVE-2024-4638 is a command injection vulnerability in OnCell G3470A-LTE Series industrial cellular routers. Attackers can execute arbitrary commands b...
Jun 25, 2024A stack-based buffer overflow vulnerability in the built-in web server of Moxa NPort W2150A/W2250A Series devices allows remote attackers to send craf...
Mar 6, 2024A Cross-Site Request Forgery (CSRF) vulnerability in ioLogik E1200 Series firmware allows attackers to trick authenticated users into performing unint...
Dec 23, 2023MXsecurity versions before v1.0.1 have an authentication bypass vulnerability that allows remote attackers to access device information without proper...
Sep 2, 2023This vulnerability allows remote attackers to bypass authentication in MXsecurity versions before 1.0.1 due to insufficient randomness in the web serv...
Sep 2, 2023This vulnerability allows authenticated attackers to delete arbitrary files on affected TN-4900 and TN-5900 Series devices through command injection i...
Aug 17, 2023This vulnerability allows remote attackers to execute arbitrary commands on TN-5900 Series devices due to insufficient input validation in the certifi...
Aug 17, 2023This CVE describes a command injection vulnerability in Moxa TN-4900 and TN-5900 series industrial routers. Insufficient input validation in certifica...
Aug 17, 2023This CVE describes a command injection vulnerability in TN-5900 Series firmware that allows remote code execution. Attackers can exploit insufficient ...
Aug 17, 2023This vulnerability allows low-privileged users to execute restricted actions intended only for high-privileged users due to improper authentication in...
Aug 17, 2023MXsecurity version 1.0 contains hardcoded credentials that allow attackers to craft arbitrary JWT tokens and bypass authentication for web-based APIs....
May 22, 2023Moxa MiiNePort E1 devices have an insufficient access control vulnerability that allows unauthenticated remote attackers to perform arbitrary system o...
Apr 27, 2023An attacker with physical access to Moxa UC Series devices can restart them, access the BIOS, modify boot parameters to gain terminal access, and then...
Mar 7, 2023This vulnerability allows remote attackers to cause denial of service in Moxa SDS-3008 industrial switches by sending specially crafted HTTP headers. ...
Feb 7, 2023CVE-2022-40693 is a cleartext transmission vulnerability in Moxa SDS-3008 industrial switches that allows attackers to intercept sensitive information...
Feb 7, 2023This vulnerability in Moxa MGate protocol gateways allows attackers to perform man-in-the-middle attacks by intercepting and potentially modifying com...
Apr 15, 2022CVE-2021-40392 is an information disclosure vulnerability in Moxa MXView network management software where unencrypted network traffic exposes sensiti...
Apr 14, 2022CVE-2021-32974 is a critical remote code execution vulnerability in Moxa NPort IAW5000A-I/O series devices. Improper input validation in the built-in ...
Apr 1, 2022Two buffer overflow vulnerabilities in the built-in web server of Moxa NPort IAW5000A-I/O Series devices allow remote attackers to cause denial-of-ser...
Apr 1, 2022This vulnerability allows remote attackers to execute arbitrary commands on Moxa TN-5900 secure routers through command injection in the firmware. Att...
Jan 26, 2022A path traversal vulnerability in Moxa MXview Network Management software allows attackers to create or overwrite critical system files, potentially l...
Oct 12, 2021A path traversal vulnerability in Moxa MXview Network Management software allows attackers to create or overwrite critical files, potentially leading ...
Oct 12, 2021This vulnerability allows authenticated attackers to execute arbitrary operating system commands on affected MOXA devices via the /forms/web_importTFT...
Sep 7, 2021CVE-2021-33823 is a denial-of-service vulnerability in MOXA Mgate MB3180 gateways where attackers can exhaust web service resources by flooding TCP SY...
Jun 18, 2021CVE-2020-27185 allows attackers to intercept authentication data, device configurations, and other sensitive information transmitted in cleartext via ...
May 14, 2021This vulnerability in Moxa NPort IA5000A Series serial device servers exposes all user passwords and sensitive data when exporting device configuratio...
May 14, 2021This vulnerability allows attackers to cause a denial of service on Moxa VPort 06EC-2V Series IP cameras by sending a specially crafted LLDP packet. T...
May 10, 2021This vulnerability in Moxa VPort 06EC-2V Series IP cameras allows attackers to disclose sensitive information by sending specially crafted LLDP packet...
May 10, 2021CVE-2021-25848 is an out-of-bounds read vulnerability in Moxa VPort 06EC-2V Series IP cameras. Attackers can send specially crafted LLDP packets to di...
May 10, 2021This vulnerability allows remote attackers to execute arbitrary code on affected Moxa secure routers by sending specially crafted requests. It affects...
Feb 3, 2021This vulnerability allows attackers to compromise MOXA NPort IAW5000A-I/O devices through weak password enforcement in the built-in web service. Affec...
Dec 23, 2020The built-in WEB server in MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows SSH/Telnet sessions that can be brute-forced to bypass authent...
Dec 23, 2020This CVE describes a command injection vulnerability in Moxa VPort 461 Series Industrial Video Servers that allows remote attackers to execute arbitra...
Nov 2, 2020Why Monitor Moxa Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 39+ known vulnerabilities affecting Moxa products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Moxa packages in under 60 seconds. No agents required - completely agentless scanning that works across Moxa deployments.
Free vulnerability database: Access detailed information about every Moxa CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register free account & add your servers
- Run one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Moxa CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions
