CVE-2023-34214

Summary

TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-generation function, which could potentially allow malicious users to execute remote code on affected devices.

Affected Software

VendorProductVersion RangeStatus
MoxaTN-5900 Series1.0 <= 3.3affected
MoxaTN-4900 Series1.0 <= 1.2.4affected
MoxaEDR-810 Series1.0 <= 5.12.27affected
MoxaEDR-G902 Series1.0 <= 5.7.17affected
MoxaEDR-G903 Series1.0 <= 5.7.15affected

Weaknesses

  • CWE-78: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References