CVE-2023-33238

TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from inadequate input validation in the certificate management function, which could potentially allow malicious users to execute remote code on affected devices.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:moxa:tn-5900_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:moxa:tn-5900:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:moxa:tn-4900_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:moxa:tn-4900:-:*:*:*:*:*:*:*

History

28 Oct 2024, 06:15

Type Values Removed Values Added
CWE CWE-78
Summary (en) TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from inadequate input validation in the certificate management function, which could potentially allow malicious users to execute remote code on affected devices. (en) TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from inadequate input validation in the certificate management function, which could potentially allow malicious users to execute remote code on affected devices.

22 Aug 2023, 19:10

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
References (MISC) https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities - (MISC) https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities - Patch, Vendor Advisory
First Time Moxa tn-4900 Firmware
Moxa
Moxa tn-5900 Firmware
Moxa tn-4900
Moxa tn-5900
CWE CWE-77
CPE cpe:2.3:h:moxa:tn-5900:-:*:*:*:*:*:*:*
cpe:2.3:o:moxa:tn-4900_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:moxa:tn-4900:-:*:*:*:*:*:*:*
cpe:2.3:o:moxa:tn-5900_firmware:*:*:*:*:*:*:*:*

17 Aug 2023, 03:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-08-17 03:15

Updated : 2024-10-28 06:15


NVD link : CVE-2023-33238

Mitre link : CVE-2023-33238

CVE.ORG link : CVE-2023-33238


JSON object : View

Products Affected

moxa

  • tn-5900
  • tn-4900
  • tn-4900_firmware
  • tn-5900_firmware
CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')