CVE-2023-34214: Second Order Command-injection Vulnerability in the Certificate-generation Function
First published: Thu Aug 17 2023(Updated: )
TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-generation function, which could potentially allow malicious users to execute remote code on affected devices.
Credit: psirt@moxa.com psirt@moxa.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Moxa Tn-5900 Firmware | <=3.3 | |
| Moxa TN-5900 | ||
| Moxa Tn-4900 Firmware | <=1.2.4 | |
| Moxa Tn-4900 | ||
| All of | ||
| Moxa Tn-5900 Firmware | <=3.3 | |
| Moxa TN-5900 | ||
| All of | ||
| Moxa Tn-4900 Firmware | <=1.2.4 | |
| Moxa Tn-4900 |
Remedy
Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below: * * TN-4900 Series: Please upgrade to firmware v3.0 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources * TN-5900 Series: Please upgrade to firmware v3.4 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources * EDR-810 Series: Please upgrade to firmware v5.12.29 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-810-series#resources * EDR-G902 Series: Please upgrade to firmware v5.7.21 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g902-series * EDR-G903 Series: Please upgrade to firmware v5.7.21 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g903-series#resources
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID is CVE-2023-34214.
What is the severity level of CVE-2023-34214?
The severity level of CVE-2023-34214 is critical with a CVSS score of 9.8.
Which firmware versions of TN-4900 Series are affected by CVE-2023-34214?
TN-4900 Series firmware versions up to v1.2.4 are affected by CVE-2023-34214.
Which firmware versions of TN-5900 Series are affected by CVE-2023-34214?
TN-5900 Series firmware versions up to v3.3 are affected by CVE-2023-34214.
How can this vulnerability be exploited?
This vulnerability can be exploited through command injection due to insufficient input validation in the certificate-generation function.
- collector/nvd-index
- agent/author
- agent/type
- agent/softwarecombine
- agent/severity
- agent/title
- agent/references
- agent/first-publish-date
- agent/event
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/last-modified-date
- agent/weakness
- agent/description
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/moxa
- canonical/moxa tn-5900 firmware
- version/moxa tn-5900 firmware/3.3
- canonical/moxa tn-5900
- canonical/moxa tn-4900 firmware
- version/moxa tn-4900 firmware/1.2.4
- canonical/moxa tn-4900