Vendor
Mobatek
Products
1
CVEs
4
Across products
4
Status
Private
Products
1- 4 CVEs
Recent CVEs
4| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-15376 | Cri | 0.64 | 9.8 | 0.04 | Oct 16, 2017 | The TELNET service in Mobatek MobaXterm 10.4 does not require authentication, which allows remote attackers to execute arbitrary commands via TCP port 23. | |
| CVE-2026-25866 | Hig | 0.51 | 7.8 | 0.00 | Mar 9, 2026 | MobaXterm versions prior to 26.1 contain an uncontrolled search path element vulnerability. The application calls WinExec to execute Notepad++ without a fully qualified executable path when opening remote files. An attacker can exploit the search path behavior by placing a malicious executable earlier in the search order, resulting in arbitrary code execution in the context of the affected user. | |
| CVE-2017-6805 | Med | 0.39 | 5.3 | 0.17 | Mar 20, 2017 | Directory traversal vulnerability in the TFTP server in MobaXterm Personal Edition 9.4 allows remote attackers to read arbitrary files via a .. (dot dot) in a GET command. | |
| CVE-2015-7244 | 0.00 | — | 0.04 | Nov 4, 2015 | The default configuration of the server in MobaXterm before 8.3 has a disabled Access Control setting and consequently does not require authentication for X11 connections, which allows remote attackers to execute arbitrary commands or obtain sensitive information via X11 packets. |