CVE-2023-34216

Summary

TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability derives from insufficient input validation in the key-delete function, which could potentially allow malicious users to delete arbitrary files.

Affected Software

VendorProductVersion RangeStatus
MoxaTN-5900 Series1.0 <= 3.3affected
MoxaTN-4900 Series1.0 <= 1.2.4affected
MoxaEDR-G902 Series1.0 <= 5.7.17affected
MoxaEDR-G903 Series1.0 <= 5.7.15affected
MoxaEDR-G9010 Series1.0 <= 2.1affected
MoxaNAT-102 Series1.0 <= 1.0.3affected

Weaknesses

  • CWE-22: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References