CVE-2021-40390 — Hard-coded Credentials in Mxview Series

CWE-798 — Hard-coded Credentials4 documents4 sources

Severity

9.8CRITICALNVD

EPSS

0.3%

top 44.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Moxa Mxview Series Moxa Mxview

Timeline

PublishedApr 14

Latest updateApr 15

Description

An authentication bypass vulnerability exists in the Web Application functionality of Moxa MXView Series 3.2.4. A specially-crafted HTTP request can lead to unauthorized access. An attacker can send an HTTP request to trigger this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5moxa/mxview_series3.2.4

▶NVDmoxa/mxview3.2.4

🔴Vulnerability Details

GHSA

GHSA-wgcx-pj93-24xq: An authentication bypass vulnerability exists in the Web Application functionality of Moxa MXView Series 3↗2022-04-15

▶

CVEList

CVE-2021-40390: An authentication bypass vulnerability exists in the Web Application functionality of Moxa MXView Series 3↗2022-04-14

▶

🕵️Threat Intelligence

Talos

Vulnerability Spotlight: Vulnerabilities in Moxa MXView could allow attacker to view sensitive information, bypass login↗2022-02-11

▶