The vulnerability allows an attacker to craft MQTT messages that include relative path traversal sequences, enabling them to read arbitrary files on the system. This could lead to the disclosure of sensitive information, such as configuration files and JWT signing secrets.
References
Link | Resource |
---|---|
https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-05 | Third Party Advisory US Government Resource |
https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240735-multiple-vulnerabilities-in-mxview-one-and-mxview-one-central-manager-series | Patch Vendor Advisory |
Configurations
History
30 Sep 2024, 18:31
Type | Values Removed | Values Added |
---|---|---|
First Time |
Moxa mxview One
Moxa |
|
CPE | cpe:2.3:a:moxa:mxview_one:*:*:*:*:*:*:*:* | |
CWE | CWE-22 | |
References | () https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-05 - Third Party Advisory, US Government Resource | |
References | () https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240735-multiple-vulnerabilities-in-mxview-one-and-mxview-one-central-manager-series - Patch, Vendor Advisory |
26 Sep 2024, 07:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary |
|
21 Sep 2024, 05:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-21 05:15
Updated : 2024-09-30 18:31
NVD link : CVE-2024-6786
Mitre link : CVE-2024-6786
CVE.ORG link : CVE-2024-6786
JSON object : View
Products Affected
moxa
- mxview_one