Second Order Command-injection Vulnerability in the Key-generation Function
CVE-2023-33239
9.8CRITICAL
Key Information:
- Vendor
Moxa
- Vendor
- CVE Published:
- 17 August 2023
What is CVE-2023-33239?
The TN-4900 and TN-5900 Series firmware from Moxa is susceptible to a command injection vulnerability due to inadequate input validation in the key-generation process. Malicious users can exploit this weakness to execute arbitrary commands remotely, posing significant risks to the affected devices' integrity and security.
Affected Version(s)
EDR-810 Series 1.0 <= 5.12.27
EDR-G9010 Series 1.0 <= 2.1
EDR-G902 Series 1.0 <= 5.7.17