CVE-2024-6786

Summary

The vulnerability allows an attacker to craft MQTT messages that include relative path traversal sequences, enabling them to read arbitrary files on the system. This could lead to the disclosure of sensitive information, such as configuration files and JWT signing secrets.

Affected Software

VendorProductVersion RangeStatus
MoxaMXview One Series0 < 1.4affected

Weaknesses

  • CWE-24: CWE-24: Path Traversal: '../filedir'

Workarounds

  • Minimize network exposure to ensure the device is not accessible from the Internet.
  • It is highly recommended to change the default credentials immediately upon your first login to the service. This helps enhance security and prevent unauthorized access.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References