CVE-2023-33239
17.08.2023, 03:15
TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to a command injection vulnerability. This vulnerability stems from insufficient input validation in the key-generation function, which could potentially allow malicious users to execute remote code on affected devices.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| moxa | tn-5900_firmware | 𝑥 ≤ 3.3 |
| moxa | tn-4900_firmware | 𝑥 ≤ 1.2.4 |
𝑥 = Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| moxa | edr-g903 | 1.0 ≤ 𝑥 ≤ 5.7.15 | ADP |
| moxa | tn-5900 | 1.0 ≤ 𝑥 ≤ 3.3 | ADP |
| moxa | tn-4900 | 1.0 ≤ 𝑥 ≤ 1.2.4 | ADP |
| moxa | edr-810 | 1.0 ≤ 𝑥 ≤ 5.12.27 | ADP |
| moxa | edr-g902 | 1.0 ≤ 𝑥 ≤ 5.7.17 | ADP |
| moxa | edr-g9010 | 1.0 ≤ 𝑥 ≤ 2.1 | ADP |
| moxa | nat-102 | 1.0 ≤ 𝑥 ≤ 1.0.3 | ADP |
Common Weakness Enumeration
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'): The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection'): The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.