CVE-2023-33238

CWE-78 — OS Command Injection CWE-77 — Command Injection3 documents3 sources

Severity

9.8CRITICAL

EPSS

0.3%

top 49.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Moxa Edr-810 Series Moxa Edr-g9010 Series Moxa Edr-g902 Series +6 more

Timeline

PublishedAug 17

Description

TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from inadequate input validation in the certificate management function, which could potentially allow malicious users to execute remote code on affected devices.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages9 packages

▶CVEListV5moxa/tn-4900_series1.0 — 1.2.4

▶CVEListV5moxa/tn-5900_series1.0 — 3.3

▶NVDmoxa/tn-4900_firmware1.2.4

▶NVDmoxa/tn-5900_firmware3.3

▶CVEListV5moxa/edr-810_series1.0 — 5.12.27

Patches

Patch: www.moxa.com ↗Patch: www.moxa.com ↗

🔴Vulnerability Details

GHSA

GHSA-24m3-rcq7-76r2: TN-4900 Series firmware versions v1↗2023-08-17

▶

CVEList

Command-injection Vulnerability in Certificate Management↗2023-08-17

▶