The vulnerability allows an attacker to craft MQTT messages that include relative path traversal sequences, enabling them to read arbitrary files on the system. This could lead to the disclosure of sensitive information, such as configuration files and JWT signing secrets.
oryginał ENCVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XMoxa Mxview One
APPMoxa< 1.4.1
Powiązane podatności
The configuration file stores credentials in cleartext. An attacker with local access rights can read or modif...
This vulnerability occurs when an attacker exploits a race condition between the time a file is checked and th...
There is a vulnerability in MXsecurity versions prior to 1.0.1 that can be exploited to bypass authentication....
MXsecurity version 1.0 is vulnearble to hardcoded credential vulnerability. This vulnerability has been report...
Moxa MiiNePort E1 has a vulnerability of insufficient access control. An unauthenticated remote user can explo...