Description

TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from inadequate input validation in the certificate management function, which could potentially allow malicious users to execute remote code on affected devices.

Related CPE's

o

moxa

tn-5900_firmware

Vulnerable

h

moxa

tn-5900

-

o

moxa

tn-4900_firmware

Vulnerable

h

moxa

tn-4900

-

References

https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities

PatchVendor Advisory

https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities

PatchVendor Advisory

Weaknesses

[email protected]

Secondary
CWE-78

[email protected]

Primary
CWE-77

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.2 · High

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2023-08-17T01:15:09.377Z

2 years ago

Last modified

2024-11-21T07:05:12.860Z

1 year ago