CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-38460 – Moxa MXview Network Management Software
https://notcve.org/view.php?id=CVE-2021-38460
12 Oct 2021 — A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries. Una vulnerabilidad de salto de ruta en Moxa MXview Network Management software Versiones 3.x a 3.2.2, puede permitir a un atacante crear o sobrescribir archivos críticos usados para ejecutar código, como programas o bibliotecas • https://us-cert.cisa.gov/ics/advisories/icsa-21-278-03 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-523: Unprotected Transport of Credentials •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-38458 – Moxa MXview Network Management Software
https://notcve.org/view.php?id=CVE-2021-38458
12 Oct 2021 — A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries. Una vulnerabilidad de salto de ruta en Moxa MXview Network Management software Versiones 3.x a 3.2.2, puede permitir a un atacante crear o sobrescribir archivos críticos usados para ejecutar código, como programas o bibliotecas • https://us-cert.cisa.gov/ics/advisories/icsa-21-278-03 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2021-38454 – Moxa MXview Network Management Software
https://notcve.org/view.php?id=CVE-2021-38454
12 Oct 2021 — A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries. Una vulnerabilidad de salto de ruta en Moxa MXview Network Management software Versiones 3.x a 3.2.2, puede permitir a un atacante crear o sobrescribir archivos críticos usados para ejecutar código, como programas o bibliotecas • https://us-cert.cisa.gov/ics/advisories/icsa-21-278-03 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-38456 – Moxa MXview Network Management Software
https://notcve.org/view.php?id=CVE-2021-38456
12 Oct 2021 — A use of hard-coded password vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to gain access through accounts using default passwords Una vulnerabilidad en el uso de contraseñas codificadas en el software de gestión de red Moxa MXview, versiones 3.x a la versión 3.2.2, puede permitir a un atacante obtener acceso a través de cuentas que utilizan contraseñas predeterminadas • https://us-cert.cisa.gov/ics/advisories/icsa-21-278-03 • CWE-259: Use of Hard-coded Password CWE-798: Use of Hard-coded Credentials •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-38452 – Moxa MXview Network Management Software
https://notcve.org/view.php?id=CVE-2021-38452
12 Oct 2021 — A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries. Una vulnerabilidad de salto de ruta en Moxa MXview Network Management software versiones 3.x a 3.2.2, puede permitir a un atacante crear o sobrescribir archivos críticos usados para ejecutar código, como programas o bibliotecas • https://us-cert.cisa.gov/ics/advisories/icsa-21-278-03 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 1CVE-2020-13537
https://notcve.org/view.php?id=CVE-2020-13537
05 Nov 2020 — An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code to a script or replace a binary.By default MXViewService, which starts as a NT SYSTEM authority user executes a series of Node.Js scripts to start additional application functionality and among them the mosquitto executable is also run. Se presenta una vulnerabilidad de elevación de privilegios local explotable ... • https://talosintelligence.com/vulnerability_reports/TALOS-2020-1148 • CWE-276: Incorrect Default Permissions •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 1CVE-2020-13536
https://notcve.org/view.php?id=CVE-2020-13536
05 Nov 2020 — An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code to a script or replace a binary. By default MXViewService, which starts as a NT SYSTEM authority user executes a series of Node.Js scripts to start additional application functionality. Se presenta una vulnerabilidad de elevación de privilegios local explotable en los permisos del sistema de archivos de la insta... • https://talosintelligence.com/vulnerability_reports/TALOS-2020-1148 • CWE-276: Incorrect Default Permissions •