Code Injection in MXview - #VU62730

 

Code Injection in MXview - #VU62730

Published: May 3, 2022


Vulnerability identifier: #VU62730
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: N/A
CWE-ID: CWE-94
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Moxa
Affected software:
MXview

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation within a crafted module. A remote user can execute arbitrary code on the target system with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


Remediation

Install updates from vendor's website.

Sources