CVE-2023-39983— MXsecurity Register Database Pollution
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-39983
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
MXsecurity Register Database Pollution
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability that poses a potential risk of polluting the MXsecurity sqlite database and the nsm-web UI has been identified in MXsecurity versions prior to v1.0.1. This vulnerability might allow an unauthenticated remote attacker to register or add devices via the nsm-web application.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
CWE-915
Source: NVD (National Vulnerability Database)
Vulnerability Title
MOXA MXsecurity 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
MOXA MXsecurity是中国摩莎(MOXA)公司的一个管理平台。可提供集中的可见性和安全管理,以轻松监视和识别网络威胁并防止安全错误配置,从而创建强大的威胁防御。 MXsecurity v1.0.1及之前版本存在安全漏洞,该漏洞源于可能允许未经身份验证的远程攻击者通过nsm-web应用程序注册或添加设备。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Moxa | MXsecurity Series | 1.0 ~ 1.0.1 | - |
II. Public POCs for CVE-2023-39983
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-39983
请登录查看更多情报信息。
- MXsecurity Series Multiple Vulnerabilitiesvendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-39983
Same Patch Batch · Moxa · 2023-09-02 · 5 CVEs total
| CVE-2023-39979 | 9.8 CRITICAL | MXsecurity Authentication Bypass |
| CVE-2023-39982 | 7.5 HIGH | MXsecurity Hardcoded Credential |
| CVE-2023-39981 | 7.5 HIGH | MXsecurity Device Information Disclosure |
| CVE-2023-39980 | 7.1 HIGH | MXsecurity Authenticated Information Disclosure Due to SQL Injection |
IV. Related Vulnerabilities
Same product: MXsecurity Series
Same weakness: CWE-915
- CVE-2025-14341
Input Data Manipulation in DivvyDrive Information Technologi - CVE-2026-41139
Unsafe array index getter in mathjs - CVE-2026-33453
Apache Camel: CoAP URI Query Parameter to Exchange Header In - CVE-2026-42044
Axios: Invisible JSON Response Tampering via Prototype Pollu - CVE-2026-40897
Math.js: Unsafe object property setter in mathjs
V. Comments for CVE-2023-39983
No comments yet