PT-2023-4623 · Moxa · Moxa Tn-4900 Series+1

Publicado

2023-08-16

Atualizado

2023-08-23

CVE-2023-34216

CVSS v2.0

8.5

Alta

Vetor

AV:N/AC:L/Au:S/C:N/I:C/A:C

Name of the Vulnerable Software and Affected Versions Moxa TN-4900 Series firmware versions v1.2.4 and prior Moxa TN-5900 Series firmware versions v3.3 and prior

Description The issue is related to insufficient input validation in the key-delete function, which could allow malicious users to delete arbitrary files. This vulnerability may potentially allow remote attackers to create or overwrite arbitrary files in the system.

Recommendations For Moxa TN-4900 Series firmware versions v1.2.4 and prior, consider disabling the key-delete function until a patch is available. For Moxa TN-5900 Series firmware versions v3.3 and prior, consider disabling the key-delete function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-22

Identificadores relacionados

BDU:2023-05030

CVE-2023-34216

Produtos afetados

Moxa Tn-4900 Series

Moxa Tn-5900 Series

PT-2023-4623 · Moxa · Moxa Tn-4900 Series+1

CVE-2023-34216

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7