CVE-2021-38460

7.5 HIGH

A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or ov...

Published: 2021-10-12 · Last updated: 2026-06-17

Severity and scoring

CVSS: 7.5 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE: CWE-22, CWE-523

Affected products

Vendor	Product
moxa	mxview

Description

A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries.

Source: NVD

References

Related CVEs

Same vendor

CVE-2021-38458 — A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or ov... (9.8 CRITICAL)
CVE-2021-38456 — A use of hard-coded password vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to ... (9.8 CRITICAL)
CVE-2021-38454 — A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or ov... (10.0 CRITICAL)
CVE-2021-38452 — A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or ov... (7.5 HIGH)
CVE-2021-39279 — Certain MOXA devices allow Authenticated Command Injection via /forms/web_importTFTP (8.8 HIGH)

Same CWE

CVE-2026-48777 — FileBrowser Quantum is a free, self-hosted, web-based file manager
CVE-2026-8442 — The WP Review Slider Pro plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 12.6.8 (8.1 HIGH)
CVE-2026-49766 — Subscriber Arbitrary File Deletion in WP User Manager <= 2.9.16 versions (9.9 CRITICAL)
CVE-2026-49061 — Unauthenticated Arbitrary File Download in WPC Product Options for WooCommerce <= 3.2.1 versions (7.5 HIGH)
CVE-2026-40779 — Contributor Arbitrary File Deletion in Link Library <= 7.8.8 versions (7.7 HIGH)