13 matches found
CVE-2021-40392
CVE-2021-40392 affects Moxa MXView Series 3.2.4 Web Application. TALOS documents an information-disclosure flaw where credentials and other data may be sent in cleartext over unencrypted HTTP, enabling network sniffing to disclose sensitive information and, in some cases, potentially enable code ...
CVE-2021-40390
CVE-2021-40390 is an authentication bypass in MOXA MXView Series 3.2.4 Web Application. The TALOS advisory confirms a vulnerability that allows an unauthenticated, remote attacker to trigger access via a specially crafted HTTP request, with tested impact up to remote code execution in certain con...
CVE-2017-7455
CVE-2017-7455 affects Moxa MXView 2.8. The vulnerability is a remote information-disclosure where an attacker can read the web server’s private key. Technical detail from the packet-plug: MXView stores a copy of its web server private key at C:\Users\TARGET-USER\AppData\Roaming\moxa\mxview\web\ce...
CVE-2017-14030
CVE-2017-14030 affects Moxa MXview v2.8 and earlier. The issue is an unquoted service path that enables local privilege escalation for an authorized user with file access by inserting arbitrary code into the unquoted path. The vulnerability impact is elevated privileges (C/I/A: high) with local a...
CVE-2020-13537
Moxa MXView Series 3.1.8 is affected by local privilege escalation vulnerabilities (CVE-2020-13537) where an attacker can gain SYSTEM privileges by abusing filesystem permissions. By default MXViewService runs with NT SYSTEM and executes a chain of Node.js scripts; an attacker can either add code...
CVE-2017-7456
CVE-2017-7456 affects Moxa MXView 2.8, where remote attackers can cause a Denial of Service by sending an oversized junk payload in the MXView login credentials. Impact is DoS on the MXView server. Public advisories and open-source checks corroborate the DoS vector and tie the vulnerability to MX...
CVE-2020-13536
Moxa MXView Series 3.1.8 contains a local privilege escalation (CVE-2020-13536) via file-permission misconfigurations that allow an attacker with local access to modify files executed by MXViewService. Talos documents exploitation paths through the execution chain: services.exe -> MXViewServic...
CVE-2021-38452
CVE-2021-38452 — Moxa MXview path traversal affects MXview Network Management Software, versions 3.x–3.2.2. The vulnerability is a path traversal in an unauthenticated route (/tmp) that allows reading arbitrary files, potentially exposing plaintext passwords and configuration data used to execute...
CVE-2021-38458
MXview Network Management Software (Moxa) versions 3.x–3.2.2 contain CVE-2021-38458, an improper neutralization of special elements that can lead to remote code execution. The issue is part of a set of chainable vulnerabilities (CVE-2021-38452/38454/38456/38460) that can enable pre-authenticated ...
CVE-2021-38460
MXview, version 3.x–3.2.2, contains CVE-2021-38460: a credential leakage/ unprotected transport vulnerability that may allow an attacker to obtain credentials. The condition is tied to password exposure in transit and storage, enabling potential unauthorized access. mitigations documented across ...
CVE-2021-38454
CVE-2021-38454 affects Moxa MXview Network Management Software versions 3.x–3.2.2. It is described as a misconfigured service that allows remote MQTT connections, enabling attackers to interact with the MQTT broker and potentially trigger remote code execution via subsequent actions (e.g., comman...
CVE-2021-38456
CVE-2021-38456 affects Moxa MXview Network Management Software versions 3.x–3.2.2 and is caused by the use of hard-coded passwords. Impacted actors could gain access through default credentials, with a user impact described as high. The related materials indicate a high-severity, remotely exploit...
CVE-2018-7506
CVE-2018-7506 affects Moxa MXview 2.8 and earlier, where the web server private key can be read via HTTP GET, enabling information disclosure and potential decryption of encrypted data. Public sources confirm this is an information exposure vulnerability; Moxa released MXview 2.9 as a fix. No exp...