Second Order Command-injection Vulnerability in the Key-delete Function
CVE-2023-34216
8.1 HIGH
Key Information:
- Vendor: Moxa
- CVE Published: 17 August 2023
Summary
The Moxa TN-4900 and TN-5900 Series firmware prior to specified versions contains a command injection vulnerability caused by insufficient input validation in the key-delete function. This flaw allows unauthorized users to execute arbitrary commands, which could result in the deletion of any file on the affected system. Users are advised to upgrade to the latest firmware versions to mitigate potential risks.
Affected Version(s)
EDR-G9010 Series 1.0 <= 2.1
EDR-G902 Series 1.0 <= 5.7.17
EDR-G903 Series 1.0 <= 5.7.15
CVSS V3.1
Score: 8.1
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved