CVE-2024-6786: MXview One Series vulnerable to Path Traversal
First published: Sat Sep 21 2024(Updated: )
The vulnerability allows an attacker to craft MQTT messages that include relative path traversal sequences, enabling them to read arbitrary files on the system. This could lead to the disclosure of sensitive information, such as configuration files and JWT signing secrets.
Credit: psirt@moxa.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Moxa MXview One Series | <1.4.1 |
Remedy
Moxa has developed appropriate solutions to address vulnerability. The solutions for affected products are listed below. * MXview One Series: Upgrade to the 1.4.1 version
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-6786?
CVE-2024-6786 is considered a high-severity vulnerability due to its potential for disclosing sensitive information.
How do I fix CVE-2024-6786?
To fix CVE-2024-6786, update your Moxa Mxview One software to version 1.4.1 or later.
What systems are affected by CVE-2024-6786?
CVE-2024-6786 affects the Moxa Mxview One software versions prior to 1.4.1.
What type of attack does CVE-2024-6786 enable?
CVE-2024-6786 enables an attacker to perform path traversal attacks via crafted MQTT messages.
What information can be disclosed due to CVE-2024-6786?
CVE-2024-6786 may allow attackers to read arbitrary files, potentially exposing configuration files and JWT signing secrets.
- agent/weakness
- agent/title
- agent/type
- agent/description
- agent/first-publish-date
- agent/severity
- agent/author
- agent/event
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/remedy
- agent/softwarecombine
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/moxa
- canonical/moxa mxview one series