CVE-2024-6786

Severity
6.0 MEDIUM
EPSS
0.5%
top 32.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Sep 21

Description

The vulnerability allows an attacker to craft MQTT messages that include relative path traversal sequences, enabling them to read arbitrary files on the system. This could lead to the disclosure of sensitive information, such as configuration files and JWT signing secrets.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Packages (2 packages)

NVD: moxa/mxview_one < 1.4.1
CVEListV5: moxa/mxview_one_series < 1.4

Patches

🔴 Vulnerability Details (2)

CVEList: MXview One Series vulnerable to Path Traversal (2024-09-21)
GHSA: GHSA-26q7-27mp-g4qj: The vulnerability allows an attacker to craft MQTT messages that include relative path traversal sequences, enabling them to read arbitrary files on t (2024-09-21)