CVE-2023-33238: Command-injection Vulnerability in Certificate Management
First published: Thu Aug 17 2023(Updated: )
TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from inadequate input validation in the certificate management function, which could potentially allow malicious users to execute remote code on affected devices.
Credit: psirt@moxa.com psirt@moxa.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Moxa Tn-5900 Firmware | <=3.3 | |
| Moxa TN-5900 | ||
| Moxa Tn-4900 Firmware | <=1.2.4 | |
| Moxa Tn-4900 | ||
| All of | ||
| Moxa Tn-5900 Firmware | <=3.3 | |
| Moxa TN-5900 | ||
| All of | ||
| Moxa Tn-4900 Firmware | <=1.2.4 | |
| Moxa Tn-4900 |
Remedy
Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below: * TN-4900 Series: Please upgrade to firmware v3.0 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources * TN-5900 Series: Please upgrade to firmware v3.4 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources * EDR-810 Series: Please upgrade to firmware v5.12.29 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-810-series#resources * EDR-G902 Series: Please upgrade to firmware v5.7.21 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g902-series * EDR-G903 Series: Please upgrade to firmware v5.7.21 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g903-series#resources * EDR-G9010 Series: Please upgrade to firmware v3.0 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g9010-series#resources * NAT-102 Series: Please upgrade to firmware v1.0.5 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/nat-102-series#resources
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2023-33238?
The severity of CVE-2023-33238 is critical.
Which firmware versions are affected by CVE-2023-33238?
TN-4900 Series firmware versions v1.2.4 and prior, and TN-5900 Series firmware versions v3.3 and prior are affected by CVE-2023-33238.
What is the vulnerability type of CVE-2023-33238?
CVE-2023-33238 is a command injection vulnerability.
How does CVE-2023-33238 occur?
CVE-2023-33238 occurs due to inadequate input validation in the certificate management function.
Is there a fix available for CVE-2023-33238?
Yes, a fix is available. Please refer to the vendor's security advisory for more information.
- collector/nvd-index
- agent/author
- agent/type
- agent/softwarecombine
- agent/title
- agent/severity
- agent/references
- agent/first-publish-date
- agent/event
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/last-modified-date
- agent/weakness
- agent/description
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/moxa
- canonical/moxa tn-5900 firmware
- version/moxa tn-5900 firmware/3.3
- canonical/moxa tn-5900
- canonical/moxa tn-4900 firmware
- version/moxa tn-4900 firmware/1.2.4
- canonical/moxa tn-4900