The private key of the web server in Moxa MXview versions 2.8 and prior is able to be read and accessed via an HTTP GET request, which may allow a remote attacker to decrypt encrypted information.
CVSS Score
7.5
EPSS Score
0.011
Published
2018-04-06
An issue was discovered in Moxa MXview v2.8 and prior. The unquoted service path escalation vulnerability could allow an authorized user with file access to escalate privileges by inserting arbitrary code into the unquoted service path.
CVSS Score
7.8
EPSS Score
0.001
Published
2018-01-12
Moxa MXView 2.8 allows remote attackers to read web server's private key file, no access control.
CVSS Score
7.5
EPSS Score
0.4
Published
2017-04-14
Moxa MXView 2.8 allows remote attackers to cause a Denial of Service by sending overly long junk payload for the MXView client login credentials.
CVSS Score
7.5
EPSS Score
0.289
Published
2017-04-14