Mxview

mxview

Vendor: Moxa • 13 CVEs

CVEs (13)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-40392 1Moxa 1Mxview Nov 21, 2024 Apr 14, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An information disclosure vulnerability exists in the Web Application functionality of Moxa MXView Series 3.2.4. Network sniffing can lead to a disclosure of sensitive information. An attacker can sniff network traffic t...Show more An information disclosure vulnerability exists in the Web Application functionality of Moxa MXView Series 3.2.4. Network sniffing can lead to a disclosure of sensitive information. An attacker can sniff network traffic to exploit this vulnerability.Show less
CVE-2021-40390 1Moxa 1Mxview Nov 21, 2024 Apr 14, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An authentication bypass vulnerability exists in the Web Application functionality of Moxa MXView Series 3.2.4. A specially-crafted HTTP request can lead to unauthorized access. An attacker can send an HTTP request to tr...Show more An authentication bypass vulnerability exists in the Web Application functionality of Moxa MXView Series 3.2.4. A specially-crafted HTTP request can lead to unauthorized access. An attacker can send an HTTP request to trigger this vulnerability.Show less
CVE-2021-38460 1Moxa 1Mxview Nov 21, 2024 Oct 12, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries.
CVE-2021-38458 1Moxa 1Mxview Nov 21, 2024 Oct 12, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries.
CVE-2021-38456 1Moxa 1Mxview Nov 21, 2024 Oct 12, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A use of hard-coded password vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to gain access through accounts using default passwords
CVE-2021-38454 1Moxa 1Mxview Nov 21, 2024 Oct 12, 2021 N/A· v4 10.0 CRITICAL· v3 7.5 HIGH· v2 A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries.
CVE-2021-38452 1Moxa 1Mxview Nov 21, 2024 Oct 12, 2021 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries.
CVE-2020-13537 1Moxa 1Mxview Nov 21, 2024 Nov 5, 2020 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code to a script or replac...Show more An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code to a script or replace a binary.By default MXViewService, which starts as a NT SYSTEM authority user executes a series of Node.Js scripts to start additional application functionality and among them the mosquitto executable is also run.Show less
CVE-2020-13536 1Moxa 1Mxview Nov 21, 2024 Nov 5, 2020 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code to a script or replac...Show more An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code to a script or replace a binary. By default MXViewService, which starts as a NT SYSTEM authority user executes a series of Node.Js scripts to start additional application functionality.Show less
CVE-2018-7506 1Moxa 1Mxview Nov 21, 2024 Apr 6, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The private key of the web server in Moxa MXview versions 2.8 and prior is able to be read and accessed via an HTTP GET request, which may allow a remote attacker to decrypt encrypted information.
CVE-2017-14030 1Moxa 1Mxview Nov 21, 2024 Jan 12, 2018 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 An issue was discovered in Moxa MXview v2.8 and prior. The unquoted service path escalation vulnerability could allow an authorized user with file access to escalate privileges by inserting arbitrary code into the unquot...Show more An issue was discovered in Moxa MXview v2.8 and prior. The unquoted service path escalation vulnerability could allow an authorized user with file access to escalate privileges by inserting arbitrary code into the unquoted service path.Show less
CVE-2017-7456 1Moxa 1Mxview May 13, 2026 Apr 14, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Moxa MXView 2.8 allows remote attackers to cause a Denial of Service by sending overly long junk payload for the MXView client login credentials.
CVE-2017-7455 1Moxa 1Mxview May 13, 2026 Apr 14, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Moxa MXView 2.8 allows remote attackers to read web server's private key file, no access control.