Command-injection Vulnerability in Certificate Management

CVE-2023-33238

9.8CRITICAL

Key Information

Vendor: Moxa
Status: Tn-5900 Series; Tn-4900 Series; Edr-810 Series; Edr-g902 Series
Vendor: CVE Published:; 17 August 2023

Summary

TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from inadequate input validation in the certificate management function, which could potentially allow malicious users to execute remote code on affected devices.

Affected Version(s)

TN-5900 Series <= 3.3

TN-4900 Series <= 1.2.4

EDR-810 Series <= 5.12.27

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Risk change from: 9.8 to: 7.2 - (HIGH)
Oct 28, 2024
Risk change from: 9.8 to: 7.2 - (HIGH)
Oct 8, 2024
Vulnerability published.
Aug 17, 2023
Vulnerability Reserved.
May 19, 2023

Collectors

NVD DatabaseMitre Database