CVE-2023-33239
EUVD-2023-3740817.08.2023, 03:15
TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from insufficient input validation in the key-generation function, which could potentially allow malicious users to execute remote code on affected devices.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| moxa | tn-5900_firmware | 𝑥 ≤ 3.3 |
| moxa | tn-4900_firmware | 𝑥 ≤ 1.2.4 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.