CVE-2023-33238

Command-injection Vulnerability in Certificate Management

CVSS 7.2 HIGHEPSS 0.7%CWE-78

TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from inadequate input validation in the certificate management function, which could potentially allow malicious users to execute remote code on affected devices.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Productos afectados

Moxa · EDR-810 Series Moxa · EDR-G9010 Series Moxa · EDR-G902 Series Moxa · EDR-G903 Series Moxa · NAT-102 Series Moxa · TN-4900 Series Moxa · TN-5900 Series

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities