PT-2023-4619 · Moxa · Moxa TN-4900 Series, Moxa TN-5900 Series
Published: 2023-08-16 · Updated: 2024-10-28
CVE-2023-33238
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Moxa TN-4900 Series firmware versions v1.2.4 and prior
Moxa TN-5900 Series firmware versions v3.3 and prior
Description
The issue stems from inadequate input validation in the certificate management function. Because input data is processed incorrectly, a remote attacker could potentially execute arbitrary code on affected devices.
Recommendations
For Moxa TN-4900 Series firmware versions v1.2.4 and prior, update to a version later than v1.2.4 to resolve the issue.
For Moxa TN-5900 Series firmware versions v3.3 and prior, update to a version later than v3.3 to resolve the issue.
As a temporary workaround, consider restricting access to the certificate management function until a patch is available.
Fix
Command Injection
OS Command Injection
Related Identifiers
Affected Products
Moxa TN-4900 Series
Moxa TN-5900 Series