CVE-2018-7506

Name of the Vulnerable Software and Affected Versions Moxa MXview versions 2.8 and prior

Description The issue allows a remote attacker to access the private key of the web server via an HTTP GET request, potentially enabling them to decrypt encrypted information.

Recommendations For Moxa MXview versions 2.8 and prior, consider restricting access to the web server's private key until a fix is available. As a temporary workaround, restrict access to the HTTP endpoint that allows reading the private key to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.