Description

TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from insufficient input validation in the key-generation function, which could potentially allow malicious users to execute remote code on affected devices.

Related CPE's

o

moxa

tn-5900_firmware

Vulnerable

h

moxa

tn-5900

-

o

moxa

tn-4900_firmware

Vulnerable

h

moxa

tn-4900

-

References

https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities

PatchVendor Advisory

https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities

PatchVendor Advisory

Weaknesses

[email protected]

Secondary
CWE-78

[email protected]

Primary
CWE-77

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 · High

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2023-08-17T01:15:09.580Z

2 years ago

Last modified

2024-11-21T07:05:13.020Z

1 year ago