Moxa Mxview vulnerabilities

CVE-2021-40390 [CRITICAL] CWE-798 CVE-2021-40390: An authentication bypass vulnerability exists in the Web Application functionality of Moxa MXView Se An authentication bypass vulnerability exists in the Web Application functionality of Moxa MXView Series 3.2.4. A specially-crafted HTTP request can lead to unauthorized access. An attacker can send an HTTP request to trigger this vulnerability.

CVE-2021-40392 [HIGH] CWE-319 CVE-2021-40392: An information disclosure vulnerability exists in the Web Application functionality of Moxa MXView S An information disclosure vulnerability exists in the Web Application functionality of Moxa MXView Series 3.2.4. Network sniffing can lead to a disclosure of sensitive information. An attacker can sniff network traffic to exploit this vulnerability.

CVE-2021-38454 [CRITICAL] CWE-284 CVE-2021-38454: A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries.

CVE-2021-38452 [HIGH] CWE-22 CVE-2021-38452: A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries.

CVE-2021-38456 [CRITICAL] CWE-259 CVE-2021-38456: A use of hard-coded password vulnerability in the Moxa MXview Network Management software Versions 3 A use of hard-coded password vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to gain access through accounts using default passwords

CVE-2021-38458 [CRITICAL] CWE-74 CVE-2021-38458: A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries.

CVE-2021-38460 [HIGH] CWE-523 CVE-2021-38460: A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries.

CVE-2020-13536 [HIGH] CWE-276 CVE-2020-13536: An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code to a script or replace a binary. By default MXViewService, which starts as a NT SYSTEM authority user executes a series of Node.Js scripts to start additi

CVE-2020-13537 [HIGH] CWE-276 CVE-2020-13537: An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code to a script or replace a binary.By default MXViewService, which starts as a NT SYSTEM authority user executes a series of Node.Js scripts to start additio

CVE-2018-7506 [HIGH] CWE-200 CVE-2018-7506: The private key of the web server in Moxa MXview versions 2.8 and prior is able to be read and acces The private key of the web server in Moxa MXview versions 2.8 and prior is able to be read and accessed via an HTTP GET request, which may allow a remote attacker to decrypt encrypted information.

CVE-2017-14030 [HIGH] CWE-428 CVE-2017-14030: An issue was discovered in Moxa MXview v2.8 and prior. The unquoted service path escalation vulnerab An issue was discovered in Moxa MXview v2.8 and prior. The unquoted service path escalation vulnerability could allow an authorized user with file access to escalate privileges by inserting arbitrary code into the unquoted service path.

CVE-2017-7456 [HIGH] CWE-20 CVE-2017-7456: Moxa MXView 2.8 allows remote attackers to cause a Denial of Service by sending overly long junk pay Moxa MXView 2.8 allows remote attackers to cause a Denial of Service by sending overly long junk payload for the MXView client login credentials.

CVE-2017-7455 [HIGH] CWE-200 CVE-2017-7455: Moxa MXView 2.8 allows remote attackers to read web server's private key file, no access control. Moxa MXView 2.8 allows remote attackers to read web server's private key file, no access control.