CVE-2023-33236: Hard-coded Credentials in Mxsecurity Series

Severity
9.8 CRITICAL (NVD)
EPSS
0.1%
top 81.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published May 22

Description

MXsecurity version 1.0 is vulnerable to a hard-coded credential vulnerability. The vulnerability can reportedly be exploited to craft arbitrary JWT tokens and subsequently bypass authentication for web-based APIs.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages: 2 packages

Patches

Vulnerability Details

2
CVEList
MXsecurity Hardcoded Credential Vulnerability (2023-05-22)
GHSA
GHSA-r6wg-6486-p79w: MXsecurity version 1 (2023-05-22)