CVE-2020-13537

An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code to a script or replace a binary.By default MXViewService, which starts as a NT SYSTEM authority us...

CVE-2020-13537

An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code to a script or replace a binary.By default MXViewService, which starts as a NT SYSTEM authority us...

CVE-2020-13536

An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code to a script or replace a binary. By default MXViewService, which starts as a NT SYSTEM authority...

Privilege escalation

An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code to a script or replace a binary. By default MXViewService, which starts as a NT SYSTEM authority...

Privilege escalation

An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code to a script or replace a binary.By default MXViewService, which starts as a NT SYSTEM authority us...

CVE-2020-13537

Moxa MXView Series 3.1.8 is affected by local privilege escalation vulnerabilities (CVE-2020-13537) where an attacker can gain SYSTEM privileges by abusing filesystem permissions. By default MXViewService runs with NT SYSTEM and executes a chain of Node.js scripts; an attacker can either add code...

CVE-2020-13537

An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code to a script or replace a binary.By default MXViewService, which starts as a NT SYSTEM authority us...

CVE-2020-13536

An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code to a script or replace a binary. By default MXViewService, which starts as a NT SYSTEM authority...

CVE-2020-13536

Moxa MXView Series 3.1.8 contains a local privilege escalation (CVE-2020-13536) via file-permission misconfigurations that allow an attacker with local access to modify files executed by MXViewService. Talos documents exploitation paths through the execution chain: services.exe -> MXViewServic...

Moxa MXView installation File Permission System Authorization Issues Vulnerability

Moxa MXView is a software from Moxa Taiwan, China specialized in managing networks. The software can be used to perform operations such as configuration processing for all devices within the network. An authorization issue vulnerability exists in the file permission system in Moxa MXView...

Moxa MXView series installation privilege escalation vulnerability

Talos Vulnerability Report TALOS-2020-1148 Moxa MXView series installation privilege escalation vulnerability November 3, 2020 CVE Number CVE-2020-13537,CVE-2020-13536 SUMMARY Multiple exploitable local privilege elevation vulnerabilities exist in the file system permissions of Moxa MXView series...

Moxa Mxview Information Disclosure Vulnerability

Moxa MXview is a network management software for monitoring and diagnosing industrial networks. An information disclosure vulnerability exists in Moxa Mxview version 2.8 and earlier. The vulnerability arises because the private key of the web server in Moxa Mxview can be read and accessed via HTT...

CVE-2018-7506

The private key of the web server in Moxa MXview versions 2.8 and prior is able to be read and accessed via an HTTP GET request, which may allow a remote attacker to decrypt encrypted information...

Information disclosure

The private key of the web server in Moxa MXview versions 2.8 and prior is able to be read and accessed via an HTTP GET request, which may allow a remote attacker to decrypt encrypted information...

CVE-2018-7506

The private key of the web server in Moxa MXview versions 2.8 and prior is able to be read and accessed via an HTTP GET request, which may allow a remote attacker to decrypt encrypted information...

CVE-2018-7506

The private key of the web server in Moxa MXview versions 2.8 and prior is able to be read and accessed via an HTTP GET request, which may allow a remote attacker to decrypt encrypted information...

CVE-2018-7506

CVE-2018-7506 affects Moxa MXview 2.8 and earlier, where the web server private key can be read via HTTP GET, enabling information disclosure and potential decryption of encrypted data. Public sources confirm this is an information exposure vulnerability; Moxa released MXview 2.9 as a fix. No exp...

Moxa MXview

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION : Exploitable remotely/low skill level to exploit. Vendor : Moxa Equipment : MXview Vulnerabilities : Information Exposure 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to access and read cryptographic...

Moxa MXview Elevation of Privilege Vulnerability

Moxa MXView is Moxa's network management software for configuring, monitoring and diagnosing network devices in industrial Ethernet networks. An elevation of privilege vulnerability exists in Moxa MXview 2.8 and prior versions. The vulnerability allows an attacker to elevate privileges by inserti...

Path traversal

An issue was discovered in Moxa MXview v2.8 and prior. The unquoted service path escalation vulnerability could allow an authorized user with file access to escalate privileges by inserting arbitrary code into the unquoted service path...