Moxa Tn-4900 Firmware vulnerabilities

5 known vulnerabilities affecting moxa/tn-4900_firmware.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH2

Vulnerabilities

Page 1 of 1
CVE-2023-33239CRITICALCVSS 9.8≤ 1.2.42023-08-17
CVE-2023-33239 [HIGH] CWE-78 CVE-2023-33239: TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prio TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from insufficient input validation in the key-generation function, which could potentially allow malicious users to execute remote code on affected devices.
nvd
CVE-2023-33238CRITICALCVSS 9.8≤ 1.2.42023-08-17
CVE-2023-33238 [HIGH] CWE-78 CVE-2023-33238: TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prio TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from inadequate input validation in the certificate management function, which could potentially allow malicious users to execute remote code on affected devices.
nvd
CVE-2023-34214CRITICALCVSS 9.8≤ 1.2.42023-08-17
CVE-2023-34214 [HIGH] CWE-78 CVE-2023-34214: TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prio TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-generation function, which could potentially allow malicious users to execute remote code on affected devices.
nvd
CVE-2023-34216HIGHCVSS 8.1≤ 1.2.42023-08-17
CVE-2023-34216 [HIGH] CWE-22 CVE-2023-34216: TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prio TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability derives from insufficient input validation in the key-delete function, which could potentially allow malicious users to delete arbitrary files.
nvd
CVE-2023-34217HIGHCVSS 8.1≤ 1.2.42023-08-17
CVE-2023-34217 [HIGH] CWE-22 CVE-2023-34217: TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prio TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-delete function, which could potentially allow malicious users to delete arbitrary files.
nvd