The Moxa MXsecurity Series running on the remote host uses a hard-coded JWT key. An unauthenticated, remote attacker can exploit this, via a specially crafted message, to bypass authentication to perform otherwise restricted operations.
Binary data moxa_mxsecurity_cve-2023-33236.nbin
Vendor | Product | Version | CPE |
---|---|---|---|
moxa | mxsecurity | cpe:/a:moxa:mxsecurity |