The vulnerability allows an attacker to craft MQTT messages that include relative path traversal sequences, enabling them to read arbitrary files on the system. This could lead to the disclosure of sensitive information, such as configuration files and JWT signing secrets.
                
            Metrics
Affected Vendors & Products
References
        History
                    Mon, 30 Sep 2024 19:00:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| First Time appeared | Moxa Moxa mxview One | |
| Weaknesses | CWE-22 | |
| CPEs | cpe:2.3:a:moxa:mxview_one:*:*:*:*:*:*:*:* | |
| Vendors & Products | Moxa Moxa mxview One | 
Thu, 26 Sep 2024 07:00:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| References |  | 
Mon, 23 Sep 2024 14:30:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Metrics | ssvc 
 | 
Sat, 21 Sep 2024 04:30:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Description | The vulnerability allows an attacker to craft MQTT messages that include relative path traversal sequences, enabling them to read arbitrary files on the system. This could lead to the disclosure of sensitive information, such as configuration files and JWT signing secrets. | |
| Title | MXview One Series vulnerable to Path Traversal | |
| Weaknesses | CWE-24 | |
| References |  | |
| Metrics | cvssV3_1 
 
 | 
 MITRE
                        MITRE
                    Status: PUBLISHED
Assigner: Moxa
Published: 2024-09-21T04:14:22.667Z
Updated: 2024-09-26T06:52:45.192Z
Reserved: 2024-07-16T09:32:41.142Z
Link: CVE-2024-6786
 Vulnrichment
                        Vulnrichment
                    Updated: 2024-09-23T14:04:59.751Z
 NVD
                        NVD
                    Status : Analyzed
Published: 2024-09-21T05:15:12.397
Modified: 2024-09-30T18:31:50.473
Link: CVE-2024-6786
 Redhat
                        Redhat
                    No data.