CVE-2018-7506: Infoleak
First published: Fri Apr 06 2018(Updated: )
The private key of the web server in Moxa MXview versions 2.8 and prior is able to be read and accessed via an HTTP GET request, which may allow a remote attacker to decrypt encrypted information.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Moxa MXview | <=2.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-7506?
CVE-2018-7506 is a vulnerability in Moxa MXview versions 2.8 and prior that allows a remote attacker to read and access the private key of the web server via an HTTP GET request.
How severe is CVE-2018-7506?
CVE-2018-7506 has a severity score of 7.5 (High).
How can a remote attacker exploit CVE-2018-7506?
A remote attacker can exploit CVE-2018-7506 by sending an HTTP GET request to read and access the private key of the web server.
Which versions of Moxa MXview are affected by CVE-2018-7506?
Moxa MXview versions 2.8 and prior are affected by CVE-2018-7506.
Are there any references for CVE-2018-7506?
Yes, you can find references for CVE-2018-7506 at http://www.securityfocus.com/bid/103722 and https://ics-cert.us-cert.gov/advisories/ICSA-18-095-02.
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/type
- agent/description
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/moxa
- canonical/moxa mxview
- version/moxa mxview/2.8