CVE-2017-7455

HIGH

Moxa MXView 2.8 - Unauthenticated Exposure of Sensitive Information via Private Key File

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-7455. PoCs published by hyp3rlinx.

AI-analyzed exploit summary This exploit demonstrates a remote private key disclosure vulnerability in Moxa MXview v2.8. It sends an HTTP GET request to retrieve the private key file located at /certs/mxview.key, which is exposed due to improper access controls.

Description

Moxa MXView 2.8 allows remote attackers to read web server's private key file, no access control.

Exploits (1)

exploitdb WORKING POC
by hyp3rlinx · textremotewindows
https://www.exploit-db.com/exploits/41850

This exploit demonstrates a remote private key disclosure vulnerability in Moxa MXview v2.8. It sends an HTTP GET request to retrieve the private key file located at /certs/mxview.key, which is exposed due to improper access controls.

Classification
Working Poc 100%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Moxa MXview v2.8
No auth needed
Prerequisites: Network access to the target system · Target system running Moxa MXview v2.8 with the web server exposed
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2017/Apr/49
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/41850/
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/142074/Moxa-MXview-2.8-Private-Key-Disclosure.html

Scores

CVSS v3 7.5
EPSS 0.1634
EPSS Percentile 96.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (1)
moxa/mxview 2.8
Published Apr 14, 2017
Tracked Since Feb 18, 2026