CVE-2023-34214

CWE-78OS Command InjectionCWE-77Command Injection3 documents3 sources
Severity
9.8CRITICAL
EPSS
0.2%
top 55.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
Moxa Edr-810 SeriesMoxa Edr-g902 SeriesMoxa Edr-g903 Series+4 more
Timeline
PublishedAug 17

Description

TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-generation function, which could potentially allow malicious users to execute remote code on affected devices.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages7 packages

CVEListV5moxa/tn-4900_series1.01.2.4
CVEListV5moxa/tn-5900_series1.03.3
CVEListV5moxa/edr-810_series1.05.12.27

Patches

Patch: www.moxa.comPatch: www.moxa.com

🔴Vulnerability Details

2
GHSA
GHSA-fhvv-xjvf-6vwj: TN-4900 Series firmware versions v12023-08-17
CVEList
Second Order Command-injection Vulnerability in the Certificate-generation Function2023-08-17
CVE-2023-34214 (CRITICAL CVSS 9.8) | TN-4900 Series firmware versions v1 | cvebase.io