Vulnerability Description
TN-5900 Series firmware version v3.3 and prior is vulnerable to improper-authentication vulnerability. This vulnerability arises from inadequate authentication measures implemented in the web API handler, allowing low-privileged APIs to execute restricted actions that only high-privileged APIs are allowed This presents a potential risk of unauthorized exploitation by malicious actors.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Moxa | Tn-5900 Firmware | <= 3.3 |
| Moxa | Tn-5900 | - |
Related Weaknesses (CWE)
References
- https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tnPatchVendor Advisory
- https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tnPatchVendor Advisory
FAQ
What is CVE-2023-33237?
CVE-2023-33237 is a vulnerability with a CVSS score of 8.8 (HIGH). TN-5900 Series firmware version v3.3 and prior is vulnerable to improper-authentication vulnerability. This vulnerability arises from inadequate authentication measures implemented in the web API hand...
How severe is CVE-2023-33237?
CVE-2023-33237 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-33237?
Check the references section above for vendor advisories and patch information. Affected products include: Moxa Tn-5900 Firmware, Moxa Tn-5900.