Second Order Command-injection Vulnerability in the Key-delete Function
CVE-2023-34216
8.1 HIGH
Key Information:
- Vendor: Moxa
- CVE Published: 17 August 2023
What is CVE-2023-34216?
The Moxa TN-4900 and TN-5900 Series firmware prior to specified versions contains a command injection vulnerability linked to insufficient input validation in the key-delete function. This flaw allows unauthorized users to execute arbitrary commands, which could result in the deletion of any file on the affected system. Users are advised to upgrade to the latest firmware versions to mitigate potential risks.
Affected Version(s)
EDR-G9010 Series 1.0 <= 2.1
EDR-G902 Series 1.0 <= 5.7.17
EDR-G903 Series 1.0 <= 5.7.15