MEDIUM✓ PATCH🇬🇧 English

CVE-2024-6786

CVSS 6.0v4.0pub. 2024-09-21upd. 2024-09-30

The vulnerability allows an attacker to craft MQTT messages that include relative path traversal sequences, enabling them to read arbitrary files on the system. This could lead to the disclosure of sensitive information, such as configuration files and JWT signing secrets.

oryginał EN
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Moxa Mxview One

    APP
    Moxa
    < 1.4.1
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
Path Traversal
CWE
Referencje

Powiązane podatności

CVE-2024-6785MEDIUM6.8ten sam produkt

The configuration file stores credentials in cleartext. An attacker with local access rights can read or modif...

CVE-2024-6787MEDIUM6.0ten sam produkt

This vulnerability occurs when an attacker exploits a race condition between the time a file is checked and th...

CVE-2023-39979CRITICAL9.8ten sam vendor

There is a vulnerability in MXsecurity versions prior to 1.0.1 that can be exploited to bypass authentication....

CVE-2023-33236CRITICAL9.8ten sam vendor

MXsecurity version 1.0 is vulnearble to hardcoded credential vulnerability. This vulnerability has been report...

CVE-2023-28697CRITICAL9.8ten sam vendor

Moxa MiiNePort E1 has a vulnerability of insufficient access control. An unauthenticated remote user can explo...