CVE-2024-4740

MXsecurity Use of Hard-coded Credentials

  • Severity Score: 5.3 (CVSS v3.1)

  • Public Exploits: 0 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: Attend (SSVC)

Descriptions

MXsecurity software versions v1.1.0 and prior are vulnerable because of the use of hard-coded credentials. This vulnerability could allow an attacker to tamper with sensitive data.

*Credits: Sean Cai, Chris Huang
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: Low
  • Integrity: None
  • Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: Attend
  • Exploitation: None
  • Automatable: Yes
  • Tech. Impact: Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-05-10 CVE Reserved
  • 2024-10-18 CVE Published
  • 2024-10-18 CVE Updated
  • 2024-10-19 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-798: Use of Hard-coded Credentials
CAPEC
  • CAPEC-191: Read Sensitive Constants Within an Executable
Affected Vendors, Products, and Versions
  • Vendor: Moxa
  • Product: MXsecurity Series
  • Version: >= 1.0.0 <= 1.1.0
  • Other: en
  • Status: Affected