CVE-2024-6785: MXview One and MXview One Central Manager Series store cleartext credentials in a local file
First published: Sat Sep 21 2024(Updated: )
The configuration file stores credentials in cleartext. An attacker with local access rights can read or modify the configuration file, potentially resulting in the service being abused due to sensitive information exposure.
Credit: psirt@moxa.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Moxa Mxview One | <1.4.1 | |
| Moxa Mxview One Central Manager | =1.0.0 |
Remedy
Moxa has developed appropriate solutions to address vulnerability. The solutions for affected products are listed below. * MXview One Series: Upgrade to the 1.4.1 version * MXview One Central Manager Series: Upgrade to the 1.0.3 version
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/type
- agent/first-publish-date
- agent/description
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/references
- agent/severity
- agent/last-modified-date
- agent/remedy
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/moxa
- canonical/moxa mxview one
- canonical/moxa mxview one central manager
- version/moxa mxview one central manager/1.0.0