ID
VAR-202110-0573
CVE
CVE-2021-38454
TITLE
Moxa MXview Network Management Fraudulent Authentication Vulnerability in Software
Trust: 0.8
sources:
JVNDB: JVNDB-2021-013655
DESCRIPTION
A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries. Moxa MXview Network Management An incorrect authentication vulnerability exists in the software.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Trust: 1.8
sources:
NVD: CVE-2021-38454 //
JVNDB: JVNDB-2021-013655 //
VULHUB: VHN-400071 //
VULMON: CVE-2021-38454
AFFECTED PRODUCTS
| vendor: | moxa | model: | mxview | scope: | lte | version: | 3.2.2 | Trust: 1.0 |
| vendor: | moxa | model: | mxview | scope: | gte | version: | 3.0 | Trust: 1.0 |
| vendor: | moxa | model: | mxview | scope: | eq | version: | - | Trust: 0.8 |
| vendor: | moxa | model: | mxview | scope: | eq | version: | 3.2.2 for up to 3.x | Trust: 0.8 |
sources:
JVNDB: JVNDB-2021-013655 //
NVD: CVE-2021-38454
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
sources:
VULHUB: VHN-400071 //
VULMON: CVE-2021-38454 //
JVNDB: JVNDB-2021-013655 //
CNNVD: CNNVD-202110-233 //
NVD: CVE-2021-38454 //
NVD: CVE-2021-38454
PROBLEMTYPE DATA
| problemtype: | CWE-22 | Trust: 1.1 |
| problemtype: | CWE-284 | Trust: 1.0 |
| problemtype: | Illegal authentication (CWE-863) [NVD evaluation ] | Trust: 0.8 |
sources:
VULHUB: VHN-400071 //
JVNDB: JVNDB-2021-013655 //
NVD: CVE-2021-38454
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-202110-233
TYPE
path traversal
Trust: 0.6
sources:
CNNVD: CNNVD-202110-233
PATCH
| title: | MXview Series | url: | https://www.moxa.com/en/support/product-support/software-and-documentation/search?psid=53389 | Trust: 0.8 |
| title: | Moxa Mxview Network Management Software Fixes for access control error vulnerabilities | url: | http://123.124.177.30/web/xxk/bdxqById.tag?id=165587 | Trust: 0.6 |
sources:
JVNDB: JVNDB-2021-013655 //
CNNVD: CNNVD-202110-233
EXTERNAL IDS
| db: | NVD | id: | CVE-2021-38454 | Trust: 3.4 |
| db: | ICS CERT | id: | ICSA-21-278-03 | Trust: 2.6 |
| db: | JVN | id: | JVNVU91384521 | Trust: 0.8 |
| db: | JVNDB | id: | JVNDB-2021-013655 | Trust: 0.8 |
| db: | CS-HELP | id: | SB2021100607 | Trust: 0.6 |
| db: | AUSCERT | id: | ESB-2021.3307 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-202110-233 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-400071 | Trust: 0.1 |
| db: | VULMON | id: | CVE-2021-38454 | Trust: 0.1 |
sources:
VULHUB: VHN-400071 //
VULMON: CVE-2021-38454 //
JVNDB: JVNDB-2021-013655 //
CNNVD: CNNVD-202110-233 //
NVD: CVE-2021-38454
REFERENCES
| url: | https://us-cert.cisa.gov/ics/advisories/icsa-21-278-03 | Trust: 3.2 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2021-38454 | Trust: 1.4 |
| url: | http://jvn.jp/vu/jvnvu91384521/index.html | Trust: 0.8 |
| url: | https://www.cybersecurity-help.cz/vdb/sb2021100607 | Trust: 0.6 |
| url: | https://www.auscert.org.au/bulletins/esb-2021.3307 | Trust: 0.6 |
| url: | https://cwe.mitre.org/data/definitions/22.html | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
sources:
VULHUB: VHN-400071 //
VULMON: CVE-2021-38454 //
JVNDB: JVNDB-2021-013655 //
CNNVD: CNNVD-202110-233 //
NVD: CVE-2021-38454
CREDITS
Noam Moshe from Claroty reported these vulnerabilities to Moxa.
Trust: 0.6
sources:
CNNVD: CNNVD-202110-233
SOURCES
| db: | VULHUB | id: | VHN-400071 |
| db: | VULMON | id: | CVE-2021-38454 |
| db: | JVNDB | id: | JVNDB-2021-013655 |
| db: | CNNVD | id: | CNNVD-202110-233 |
| db: | NVD | id: | CVE-2021-38454 |
LAST UPDATE DATE
2024-08-14T13:23:20.639000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-400071 | date: | 2022-10-25T00:00:00 |
| db: | VULMON | id: | CVE-2021-38454 | date: | 2022-10-25T00:00:00 |
| db: | JVNDB | id: | JVNDB-2021-013655 | date: | 2022-09-21T02:55:00 |
| db: | CNNVD | id: | CNNVD-202110-233 | date: | 2022-10-26T00:00:00 |
| db: | NVD | id: | CVE-2021-38454 | date: | 2022-10-25T15:27:04.333 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-400071 | date: | 2021-10-12T00:00:00 |
| db: | VULMON | id: | CVE-2021-38454 | date: | 2021-10-12T00:00:00 |
| db: | JVNDB | id: | JVNDB-2021-013655 | date: | 2022-09-21T00:00:00 |
| db: | CNNVD | id: | CNNVD-202110-233 | date: | 2021-10-05T00:00:00 |
| db: | NVD | id: | CVE-2021-38454 | date: | 2021-10-12T14:15:08.443 |