CVE-2023-33238
7.2
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from inadequate input validation in the certificate management function, which could potentially allow malicious users to execute remote code on affected devices.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Moxa | TN-5900 Series | 1.0 <= 3.3 | affected |
| Moxa | TN-4900 Series | 1.0 <= 1.2.4 | affected |
| Moxa | EDR-810 Series | 1.0 <= 5.12.27 | affected |
| Moxa | EDR-G902 Series | 1.0 <= 5.7.17 | affected |
| Moxa | EDR-G903 Series | 1.0 <= 5.7.15 | affected |
| Moxa | EDR-G9010 Series | 1.0 <= 2.1 | affected |
| Moxa | NAT-102 Series | 1.0 <= 1.0.3 | affected |
Weaknesses
- CWE-78: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.