We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2023-34214

Second Order Command-injection Vulnerability in the Certificate-generation Function



AssignerMoxa
Reserved2023-05-31
Published2023-08-17
Updated2024-10-28

Description

TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-generation function, which could potentially allow malicious users to execute remote code on affected devices.



HIGH: 7.2CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Product status

Default status
unaffected

1.0
affected

Default status
unaffected

1.0
affected

Default status
unaffected

1.0
affected

Default status
unaffected

1.0
affected

Default status
unaffected

1.0
affected

References

https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities vendor-advisory

cve.org CVE-2023-34214

nvd.nist.gov CVE-2023-34214

Download JSON

Share this page
https://cve.threatint.com
Subscribe to our newsletter to learn more about our work.