Vulnerability Description
TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from inadequate input validation in the certificate management function, which could potentially allow malicious users to execute remote code on affected devices.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Moxa | Tn-5900 Firmware | <= 3.3 |
| Moxa | Tn-5900 | - |
| Moxa | Tn-4900 Firmware | <= 1.2.4 |
| Moxa | Tn-4900 | - |
Related Weaknesses (CWE)
References
- https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tnPatchVendor Advisory
- https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tnPatchVendor Advisory
FAQ
What is CVE-2023-33238?
CVE-2023-33238 is a vulnerability with a CVSS score of 7.2 (HIGH). TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from inadequate in...
How severe is CVE-2023-33238?
CVE-2023-33238 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-33238?
Check the references section above for vendor advisories and patch information. Affected products include: Moxa Tn-5900 Firmware, Moxa Tn-5900, Moxa Tn-4900 Firmware, Moxa Tn-4900.