Command-injection Vulnerability in Certificate Management
CVE-2023-33238

9.8CRITICAL

Key Information:

Vendor: Moxa
Status: Tn-5900 Series; Tn-4900 Series; Edr-810 Series; Edr-g902 Series
Vendor: CVE Published:; 17 August 2023

Summary

The TN-4900 and TN-5900 Series firmware from Moxa contains a command injection vulnerability due to insufficient input validation within the certificate management function. This flaw allows attackers to potentially execute arbitrary commands remotely on the affected devices, posing significant security risks that could compromise device integrity and data confidentiality.

Affected Version(s)

EDR-810 Series 1.0 <= 5.12.27

EDR-G9010 Series 1.0 <= 2.1

EDR-G902 Series 1.0 <= 5.7.17

References

https://www.moxa.com/en/support/product-support/security-...

vendor-advisory

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 17, 2023
Vulnerability Reserved
May 19, 2023