CVE-2021-38454
10.0 CRITICALA path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or ov...
Published: 2021-10-12 · Last updated: 2026-06-17
Severity and scoring
- CVSS
- 10.0 CRITICAL
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- CWE
- CWE-22, CWE-284
Affected products
| Vendor | Product |
|---|---|
| moxa | mxview |
Description
A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries.
Source: NVD
References
Related CVEs
Same vendor
- CVE-2021-38460 — A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or ov... (7.5 HIGH)
- CVE-2021-38458 — A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or ov... (9.8 CRITICAL)
- CVE-2021-38456 — A use of hard-coded password vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to ... (9.8 CRITICAL)
- CVE-2021-38452 — A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or ov... (7.5 HIGH)
- CVE-2021-39279 — Certain MOXA devices allow Authenticated Command Injection via /forms/web_importTFTP (8.8 HIGH)
Same CWE
- CVE-2026-48777 — FileBrowser Quantum is a free, self-hosted, web-based file manager
- CVE-2026-8442 — The WP Review Slider Pro plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 12.6.8 (8.1 HIGH)
- CVE-2026-49766 — Subscriber Arbitrary File Deletion in WP User Manager <= 2.9.16 versions (9.9 CRITICAL)
- CVE-2026-49061 — Unauthenticated Arbitrary File Download in WPC Product Options for WooCommerce <= 3.2.1 versions (7.5 HIGH)
- CVE-2026-47261 — Wasmtime is a runtime for WebAssembly (7.5 HIGH)