CVE-2023-33238
Summary
| CVE | CVE-2023-33238 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-08-17 03:15:00 UTC |
| Updated | 2023-08-22 19:10:00 UTC |
| Description | TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from inadequate input validation in the certificate management function, which could potentially allow malicious users to execute remote code on affected devices. |
Risk And Classification
Problem Types: CWE-77
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Moxa | Tn-4900 | - | All | All | All |
| Operating System | Moxa | Tn-4900 Firmware | All | All | All | All |
| Hardware | Moxa | Tn-5900 | - | All | All | All |
| Operating System | Moxa | Tn-5900 Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| TN-5900 and TN-4900 Series Web Server Multiple Vulnerabilities | MISC | www.moxa.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.