Description

TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from insufficient input validation in the key-generation function, which could potentially allow malicious users to execute remote code on affected devices.

Related CPE's

o

moxa

tn-5900_firmware

Vulnerable

h

moxa

tn-5900

-

o

moxa

tn-4900_firmware

Vulnerable

h

moxa

tn-4900

-

References

https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities

PatchVendor Advisory

Weaknesses

[email protected]

Primary
CWE-77

[email protected]

Secondary
CWE-77

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 · Critical

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2023-08-17T03:15:09.580

1 year ago

Last modified

2023-08-22T18:51:19.917

1 year ago