CVE-2021-40392
Published 2022-04-14
Priority: P3 · 40 · high · 7.5 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.57% (42.9th percentile)
An information disclosure vulnerability exists in the Web Application functionality of Moxa MXView Series 3.2.4. Network sniffing can lead to a disclosure of sensitive information. An attacker can sniff network traffic to exploit this vulnerability.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| moxa | mxview | — | — |
| moxa | mxview_series | — | — |
CVSS provenance
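| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v3.0 | 5.3 | MEDIUM | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |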
No detection rules found.
No public exploits indexed.
Talos
Vulnerability Spotlight: Vulnerabilities in Moxa MXView could allow attacker to view sensitive information, bypass login
blogs_talos·2022-02-11·CVSS 9.8
CVE-2021-40392 [CRITICAL] Vulnerability Spotlight: Vulnerabilities in Moxa MXView could allow attacker to view sensitive information, bypass login
Patrick DeSantis of Cisco Talos discovered these vulnerabilities.
Cisco Talos recently discovered two vulnerabilities in Moxa's MXview network management software that could allow an attacker to view sensitive data or bypass the need to log into the device.
MXview is designed for users to configure, monitor and diagnose networking devices connected to networks in industrial control system environments.
TALOS-2021-1403 (CVE-2021-40392) exists in MXview’s web application. An attacker could sniff traffic and gain the appropriate information to then exploit the vulnerability and view unencrypted network communication.
An attacker could also access the device without any prior authentication by exploiting TALOS-2021-1401 (CVE-2021-40390) by sending a specially crafted HTTP request to the ta
2022-04-14
Published