CVE-2024-6787 – MXview One Series vulnerable to Time-of-check Time-of-use (TOCTOU) Race Condition
https://notcve.org/view.php?id=CVE-2024-6787
This vulnerability occurs when an attacker exploits a race condition between the time a file is checked and the time it is used (TOCTOU). By exploiting this race condition, an attacker can write arbitrary files to the system. This could allow the attacker to execute malicious code and potentially cause file losses. • https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240735-multiple-vulnerabilities-in-mxview-one-and-mxview-one-central-manager-series • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVE-2024-6786 – MXview One Series vulnerable to Path Traversal
https://notcve.org/view.php?id=CVE-2024-6786
The vulnerability allows an attacker to craft MQTT messages that include relative path traversal sequences, enabling them to read arbitrary files on the system. This could lead to the disclosure of sensitive information, such as configuration files and JWT signing secrets. • https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240735-multiple-vulnerabilities-in-mxview-one-and-mxview-one-central-manager-series • CWE-24: Path Traversal: '../filedir' •
CVE-2024-6785 – MXview One and MXview One Central Manager Series store cleartext credentials in a local file
https://notcve.org/view.php?id=CVE-2024-6785
The configuration file stores credentials in cleartext. An attacker with local access rights can read or modify the configuration file, potentially resulting in the service being abused due to sensitive information exposure. • https://www.moxa.com/en/support/product-support/security-advisory/mpsa-240735-multiple-vulnerabilities-in-mxview-one-and-mxview-one-central-manager-series • CWE-313: Cleartext Storage in a File or on Disk •
CVE-2024-4641 – OnCell G3470A-LTE Series: Authenticated Format String Errors
https://notcve.org/view.php?id=CVE-2024-4641
OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to accepting a format string from an external source as an argument. An attacker could modify an externally controlled format string to cause a memory leak and denial of service. • https://www.moxa.com/en/support/product-support/security-advisory/mpsa-242550-oncell-g3470a-lte-series-multiple-web-application-vulnerabilities • CWE-134: Use of Externally-Controlled Format String •
CVE-2024-4640 – OnCell G3470A-LTE Series: Authenticated Command Injection via sendTestEmail
https://notcve.org/view.php?id=CVE-2024-4640
OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to missing bounds checking on buffer operations. An attacker could write past the boundaries of allocated buffer regions in memory, causing a program crash. • https://www.moxa.com/en/support/product-support/security-advisory/mpsa-242550-oncell-g3470a-lte-series-multiple-web-application-vulnerabilities • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •