PT-2024-10395 · Unknown · Mxview One

Noam Moshe · Published 2024-09-20 · Updated 2024-09-30 · CVE-2024-6786

CVSS v3.1

6.5 Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

MXview One (affected versions not specified)

Description

The issue allows an attacker to craft MQTT messages that include relative path traversal sequences, enabling them to read arbitrary files on the system. This could lead to the disclosure of sensitive information, such as configuration files and JWT signing secrets. The vulnerability is related to the incorrect restriction of the directory path name in the implementation of the Message Queuing Telemetry Transport (MQTT) protocol.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2025-00910
CVE-2024-6786

Affected Products

Mxview One