First published: Thu Aug 17 2023(Updated: )
TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from insufficient input validation in the key-generation function, which could potentially allow malicious users to execute remote code on affected devices.
Credit: psirt@moxa.com psirt@moxa.com
Affected Software | Affected Version | How to fix |
---|---|---|
Moxa Tn-5900 Firmware | <=3.3 | |
Moxa TN-5900 | ||
Moxa Tn-4900 Firmware | <=1.2.4 | |
Moxa Tn-4900 | ||
All of | ||
Moxa Tn-5900 Firmware | <=3.3 | |
Moxa TN-5900 | ||
All of | ||
Moxa Tn-4900 Firmware | <=1.2.4 | |
Moxa Tn-4900 |
Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below: * TN-4900 Series: Please upgrade to firmware v3.0 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources * TN-5900 Series: Please upgrade to firmware v3.4 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources * EDR-810 Series: Please upgrade to firmware v5.12.29 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-810-series#resources * EDR-G902 Series: Please upgrade to firmware v5.7.21 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g902-series * EDR-G903 Series: Please upgrade to firmware v5.7.21 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g903-series#resources * EDR-G9010 Series: Please upgrade to firmware v3.0 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g9010-series#resources * NAT-102 Series: Please upgrade to firmware v1.0.5 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/nat-102-series#resources
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID of this issue is CVE-2023-33239.
The severity of CVE-2023-33239 is critical with a score of 9.8.
TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are affected by CVE-2023-33239.
CVE-2023-33239 is caused by insufficient input validation in the key-generation function.
CVE-2023-33239 can potentially be exploited by malicious users to execute arbitrary commands.