CVE-2024-6786: MXview One Series vulnerable to Path Traversal
First published: Sat Sep 21 2024(Updated: )
The vulnerability allows an attacker to craft MQTT messages that include relative path traversal sequences, enabling them to read arbitrary files on the system. This could lead to the disclosure of sensitive information, such as configuration files and JWT signing secrets.
Credit: psirt@moxa.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Moxa Mxview One | <1.4.1 |
Remedy
Moxa has developed appropriate solutions to address vulnerability. The solutions for affected products are listed below. * MXview One Series: Upgrade to the 1.4.1 version
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/weakness
- agent/title
- agent/type
- agent/description
- agent/first-publish-date
- agent/severity
- agent/author
- agent/event
- agent/references
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/remedy
- agent/softwarecombine
- agent/tags
- vendor/moxa
- canonical/moxa mxview one