CVE-2023-33238

Summary

TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from inadequate input validation in the certificate management function, which could potentially allow malicious users to execute remote code on affected devices.

Affected Software

VendorProductVersion RangeStatus
MoxaTN-5900 Series1.0 <= 3.3affected
MoxaTN-4900 Series1.0 <= 1.2.4affected
MoxaEDR-810 Series1.0 <= 5.12.27affected
MoxaEDR-G902 Series1.0 <= 5.7.17affected
MoxaEDR-G903 Series1.0 <= 5.7.15affected
MoxaEDR-G9010 Series1.0 <= 2.1affected
MoxaNAT-102 Series1.0 <= 1.0.3affected

Weaknesses

  • CWE-78: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References