CVE-2024-6786
6
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Summary
The vulnerability allows an attacker to craft MQTT messages that include relative path traversal sequences, enabling them to read arbitrary files on the system. This could lead to the disclosure of sensitive information, such as configuration files and JWT signing secrets.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Moxa | MXview One Series | 0 < 1.4 | affected |
Weaknesses
- CWE-24: CWE-24: Path Traversal: '../filedir'
Workarounds
- Minimize network exposure to ensure the device is not accessible from the Internet.
- It is highly recommended to change the default credentials immediately upon your first login to the service. This helps enhance security and prevent unauthorized access.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240735-multiple-vulnerabilities-in-mxview-one-and-mxview-one-central-manager-series
- https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-05
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.