Description

TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from inadequate input validation in the certificate management function, which could potentially allow malicious users to execute remote code on affected devices.

Related CPE's

o

moxa

tn-5900_firmware

Vulnerable

h

moxa

tn-5900

-

o

moxa

tn-4900_firmware

Vulnerable

h

moxa

tn-4900

-

References

https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities

PatchVendor Advisory

Weaknesses

[email protected]

Primary
CWE-77

[email protected]

Secondary
CWE-77

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 · Critical

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2023-08-17T03:15:09.377

11 months ago

Last modified

2023-08-22T19:10:24.183

11 months ago