Security News > 2022 > February > Critical MQTT-Related Bugs Open Industrial Networks to RCE Via Moxa

The MXview software uses the MQTT server to distribute most of its IPC/RPC messages, they added, and most of the MXview APIs use the MQTT protocol to receive and handle requests.

Mosquitto enables MQTT over Websockets, so that users can receive MQTT data via a web browser.

Once an attacker has access to the MQTT broker, CVE-2021-38454 and CVE-2021-38458 come into play to allow RCE through command injection.

An attacker who has gained access to the MQTT system via the first vulnerability can inject a MQTT message directly to the MQTT broker.

An attacker could abuse this by sending a malicious MQTT message containing path traversal characters, and inject it directly into the MQTT topic, they explained, thus resulting in the creation of arbitrary files on the host server's file system.

"Command injection via MQTT is an interesting and seldom discussed technique, and only goes to demonstrate the increasing complexity of the input vectors any given application may have. Proper sanitization is important everywhere, not just on real-time inputs which are exposed directly to users. MXview users would be well advised to patch as quickly as possible."

News URL

https://threatpost.com/critical-mqtt-bugs-industrial-rce-moxa/178399/