MEDIUM✓ PATCH🇵🇱 Wersja polska

CVE-2024-6786

CVSS 6.0v4.0pub. 2024-09-21upd. 2024-09-30

The vulnerability allows an attacker to craft MQTT messages that include relative path traversal sequences, enabling them to read arbitrary files on the system. This could lead to the disclosure of sensitive information, such as configuration files and JWT signing secrets.

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Moxa Mxview One

    APP
    Moxa
    < 1.4.1
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Path Traversal
CWE
References

Related vulnerabilities

CVE-2024-6785MEDIUM6.8ten sam produkt

The configuration file stores credentials in cleartext. An attacker with local access rights can read or modif...

CVE-2024-6787MEDIUM6.0ten sam produkt

This vulnerability occurs when an attacker exploits a race condition between the time a file is checked and th...

CVE-2023-39979CRITICAL9.8ten sam vendor

There is a vulnerability in MXsecurity versions prior to 1.0.1 that can be exploited to bypass authentication....

CVE-2023-33236CRITICAL9.8ten sam vendor

MXsecurity version 1.0 is vulnearble to hardcoded credential vulnerability. This vulnerability has been report...

CVE-2023-28697CRITICAL9.8ten sam vendor

Moxa MiiNePort E1 has a vulnerability of insufficient access control. An unauthenticated remote user can explo...