Authentication Bypass Without Administrator Privilege
CVE-2023-33237

8.8HIGH

Key Information:

Vendor: Moxa
Status: Tn-5900 Series
Vendor: CVE Published:; 17 August 2023

What is CVE-2023-33237?

The Moxa TN-5900 Series firmware versions up to v3.3 are susceptible to an improper authentication vulnerability. The issue stems from inadequate authentication controls within the web API handler. This allows low-privileged APIs to perform actions that are typically restricted to high-privileged APIs, enabling potential unauthorized operations by attackers. Users of the affected firmware are advised to review security mechanisms and consider updates to mitigate risks posed by this vulnerability.

Affected Version(s)

TN-5900 Series 1.0 <= 3.3

References

https://www.moxa.com/en/support/product-support/security-...

vendor-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 17, 2023
Vulnerability Reserved
May 19, 2023