PT-2023-4508 · Moxa · Moxa TN-4900 Series +1

Published 2023-05-31 · Updated 2023-08-23 · CVE-2023-34217

CVSS v2.0: 8.5 High

Vector: AV:N/AC:L/Au:S/C:N/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Moxa TN-4900 Series firmware versions v1.2.4 and prior
Moxa TN-5900 Series firmware versions v3.3 and prior

Description

The issue is related to insufficient input validation in the certificate-delete function, which could potentially allow malicious users to delete arbitrary files. This stems from incorrect restriction of the path name to a directory with limited access. Exploitation of the issue may allow a remote attacker to create or overwrite critical files and execute arbitrary code.

Recommendations

For Moxa TN-4900 Series firmware versions v1.2.4 and prior, consider disabling the certificate-delete function until a patch is available. For Moxa TN-5900 Series firmware versions v3.3 and prior, restrict access to the certificate-delete function to minimize the risk of exploitation. As a temporary workaround, avoid using the certificate-delete function in the affected firmware versions until the issue is resolved.

Fix

Command Injection

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2023-04911
CVE-2023-34217

Affected Products

Moxa TN-4900 Series
Moxa TN-5900 Series