Vulnerabilites related to moxa - tn-5900
var-202201-1178
Vulnerability from variot
The firmware on Moxa TN-5900 devices through 3.1 allows command injection that could lead to device damage. Moxa TN-5900 A command injection vulnerability exists in the firmware running on the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Moxa Tn-5900 is a series of En50155 wall-mounted routers from Moxa, China. in the process of user input constructing and executing commands. An attacker can exploit this vulnerability to inject and execute arbitrary commands
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202201-1178",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tn-5900",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.1"
},
{
"model": "tn-5900",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "tn-5900",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "tn-5900 firmware 3.1 to"
},
{
"model": "tn-5900",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=3.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-09251"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-004212"
},
{
"db": "NVD",
"id": "CVE-2021-46560"
}
]
},
"cve": "CVE-2021-46560",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-46560",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-09251",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-46560",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-46560",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-46560",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-46560",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2022-09251",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202201-2441",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-09251"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-004212"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-2441"
},
{
"db": "NVD",
"id": "CVE-2021-46560"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The firmware on Moxa TN-5900 devices through 3.1 allows command injection that could lead to device damage. Moxa TN-5900 A command injection vulnerability exists in the firmware running on the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Moxa Tn-5900 is a series of En50155 wall-mounted routers from Moxa, China. in the process of user input constructing and executing commands. An attacker can exploit this vulnerability to inject and execute arbitrary commands",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-46560"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-004212"
},
{
"db": "CNVD",
"id": "CNVD-2022-09251"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-46560",
"trust": 3.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-004212",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-09251",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "165787",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202201-2441",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-09251"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-004212"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-2441"
},
{
"db": "NVD",
"id": "CVE-2021-46560"
}
]
},
"id": "VAR-202201-1178",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-09251"
}
],
"trust": 1.27954546
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-09251"
}
]
},
"last_update_date": "2024-11-23T22:54:44.415000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.moxa.com/en/"
},
{
"title": "Patch for Moxa TN-5900 Command Injection Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/318526"
},
{
"title": "Moxa Tn-5900 Fixes for command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=180875"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-09251"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-004212"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-2441"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.0
},
{
"problemtype": "Command injection (CWE-77) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-004212"
},
{
"db": "NVD",
"id": "CVE-2021-46560"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46560"
},
{
"trust": 1.6,
"url": "https://www.moxa.com/en/support/product-support/security-advisory/tn-5900-secure-routers-vulnerabilitiestxt"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/165787/moxa-tn-5900-post-authentication-command-injection.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-09251"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-004212"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-2441"
},
{
"db": "NVD",
"id": "CVE-2021-46560"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-09251"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-004212"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-2441"
},
{
"db": "NVD",
"id": "CVE-2021-46560"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-09251"
},
{
"date": "2023-03-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-004212"
},
{
"date": "2022-01-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202201-2441"
},
{
"date": "2022-01-26T02:15:07.463000",
"db": "NVD",
"id": "CVE-2021-46560"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-09251"
},
{
"date": "2023-03-31T04:53:00",
"db": "JVNDB",
"id": "JVNDB-2022-004212"
},
{
"date": "2022-02-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202201-2441"
},
{
"date": "2024-11-21T06:34:19.767000",
"db": "NVD",
"id": "CVE-2021-46560"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-2441"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa TN-5900 Command Injection Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-09251"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-2441"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-2441"
}
],
"trust": 0.6
}
}
var-202308-2771
Vulnerability from variot
TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation and improper authentication in the certification-generation function, which could potentially allow malicious users to execute remote code on affected devices. Moxa Inc. of TN-5900 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. MOXA TN-5900 is a series of industrial firewall routers produced by China MOXA Company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202308-2771",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tn-5900",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.3"
},
{
"model": "tn-5900",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "tn-5900",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "tn-5900",
"scope": "lte",
"trust": 0.8,
"vendor": "moxa",
"version": "tn-5900 firmware 3.3 and earlier"
},
{
"model": "tn-5900",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=3.3"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-64100"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022440"
},
{
"db": "NVD",
"id": "CVE-2023-34215"
}
]
},
"cve": "CVE-2023-34215",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2023-64100",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2023-34215",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "psirt@moxa.com",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2023-34215",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2023-34215",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-34215",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "psirt@moxa.com",
"id": "CVE-2023-34215",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2023-34215",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2023-64100",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-64100"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022440"
},
{
"db": "NVD",
"id": "CVE-2023-34215"
},
{
"db": "NVD",
"id": "CVE-2023-34215"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation and improper authentication in the certification-generation function, which could potentially allow malicious users to execute remote code on affected devices. Moxa Inc. of TN-5900 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. MOXA TN-5900 is a series of industrial firewall routers produced by China MOXA Company",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-34215"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022440"
},
{
"db": "CNVD",
"id": "CNVD-2023-64100"
},
{
"db": "VULMON",
"id": "CVE-2023-34215"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-34215",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022440",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2023-64100",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-34215",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-64100"
},
{
"db": "VULMON",
"id": "CVE-2023-34215"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022440"
},
{
"db": "NVD",
"id": "CVE-2023-34215"
}
]
},
"id": "VAR-202308-2771",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-64100"
}
],
"trust": 1.27954546
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-64100"
}
]
},
"last_update_date": "2024-10-28T23:08:45.999000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for MOXA TN-5900 Command Injection Vulnerability (CNVD-2023-64100)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/452531"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-64100"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.0
},
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "Command injection (CWE-77) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-022440"
},
{
"db": "NVD",
"id": "CVE-2023-34215"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-34215"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-64100"
},
{
"db": "VULMON",
"id": "CVE-2023-34215"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022440"
},
{
"db": "NVD",
"id": "CVE-2023-34215"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2023-64100"
},
{
"db": "VULMON",
"id": "CVE-2023-34215"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022440"
},
{
"db": "NVD",
"id": "CVE-2023-34215"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-08-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-64100"
},
{
"date": "2023-08-17T00:00:00",
"db": "VULMON",
"id": "CVE-2023-34215"
},
{
"date": "2024-01-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-022440"
},
{
"date": "2023-08-17T07:15:42.333000",
"db": "NVD",
"id": "CVE-2023-34215"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-08-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-64100"
},
{
"date": "2023-08-17T00:00:00",
"db": "VULMON",
"id": "CVE-2023-34215"
},
{
"date": "2024-01-23T04:07:00",
"db": "JVNDB",
"id": "JVNDB-2023-022440"
},
{
"date": "2024-10-28T06:15:03.950000",
"db": "NVD",
"id": "CVE-2023-34215"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa\u00a0Inc.\u00a0 of \u00a0TN-5900\u00a0 Command injection vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-022440"
}
],
"trust": 0.8
}
}
var-202308-2739
Vulnerability from variot
TN-5900 Series firmware version v3.3 and prior is vulnerable to improper-authentication vulnerability. This vulnerability arises from inadequate authentication measures implemented in the web API handler, allowing low-privileged APIs to execute restricted actions that only high-privileged APIs are allowed This presents a potential risk of unauthorized exploitation by malicious actors. Moxa Inc. of TN-5900 An authentication vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. MOXA TN-5900 is a series of industrial firewall routers produced by China MOXA Company.
There is an authentication error vulnerability before MOXA TN-5900 v3.3. Attackers can use this vulnerability to cause low-privileged APIs to execute only high-privileged APIs. limited operation
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202308-2739",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tn-5900",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.3"
},
{
"model": "tn-5900",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "tn-5900",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "tn-5900",
"scope": "lte",
"trust": 0.8,
"vendor": "moxa",
"version": "tn-5900 firmware 3.3 and earlier"
},
{
"model": "tn-5900",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=3.3"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-64214"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022080"
},
{
"db": "NVD",
"id": "CVE-2023-33237"
}
]
},
"cve": "CVE-2023-33237",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2023-64214",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2023-33237",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2023-33237",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-33237",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "psirt@moxa.com",
"id": "CVE-2023-33237",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2023-33237",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2023-64214",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-64214"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022080"
},
{
"db": "NVD",
"id": "CVE-2023-33237"
},
{
"db": "NVD",
"id": "CVE-2023-33237"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TN-5900 Series firmware version v3.3 and prior is vulnerable to improper-authentication vulnerability. This vulnerability arises from inadequate authentication measures implemented in the web API handler, allowing low-privileged APIs to execute restricted actions that only high-privileged APIs are allowed This presents a potential risk of unauthorized exploitation by malicious actors. Moxa Inc. of TN-5900 An authentication vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. MOXA TN-5900 is a series of industrial firewall routers produced by China MOXA Company. \n\r\n\r\nThere is an authentication error vulnerability before MOXA TN-5900 v3.3. Attackers can use this vulnerability to cause low-privileged APIs to execute only high-privileged APIs. limited operation",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-33237"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022080"
},
{
"db": "CNVD",
"id": "CNVD-2023-64214"
},
{
"db": "VULMON",
"id": "CVE-2023-33237"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-33237",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022080",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2023-64214",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-33237",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-64214"
},
{
"db": "VULMON",
"id": "CVE-2023-33237"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022080"
},
{
"db": "NVD",
"id": "CVE-2023-33237"
}
]
},
"id": "VAR-202308-2739",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-64214"
}
],
"trust": 1.27954546
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-64214"
}
]
},
"last_update_date": "2024-10-28T22:47:10.336000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for MOXA TN-5900 Authentication Error Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/452521"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-64214"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-863",
"trust": 1.0
},
{
"problemtype": "CWE-287",
"trust": 1.0
},
{
"problemtype": "Inappropriate authentication (CWE-287) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-022080"
},
{
"db": "NVD",
"id": "CVE-2023-33237"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-33237"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-64214"
},
{
"db": "VULMON",
"id": "CVE-2023-33237"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022080"
},
{
"db": "NVD",
"id": "CVE-2023-33237"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2023-64214"
},
{
"db": "VULMON",
"id": "CVE-2023-33237"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022080"
},
{
"db": "NVD",
"id": "CVE-2023-33237"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-08-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-64214"
},
{
"date": "2023-08-17T00:00:00",
"db": "VULMON",
"id": "CVE-2023-33237"
},
{
"date": "2024-01-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-022080"
},
{
"date": "2023-08-17T02:15:41.177000",
"db": "NVD",
"id": "CVE-2023-33237"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-08-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-64214"
},
{
"date": "2023-08-17T00:00:00",
"db": "VULMON",
"id": "CVE-2023-33237"
},
{
"date": "2024-01-22T02:56:00",
"db": "JVNDB",
"id": "JVNDB-2023-022080"
},
{
"date": "2024-10-28T06:15:02.730000",
"db": "NVD",
"id": "CVE-2023-33237"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa\u00a0Inc.\u00a0 of \u00a0TN-5900\u00a0 Authentication vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-022080"
}
],
"trust": 0.8
}
}
var-202308-2946
Vulnerability from variot
TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability derives from insufficient input validation in the key-delete function, which could potentially allow malicious users to delete arbitrary files. Moxa Inc. of TN-5900 firmware and tn-4900 A path traversal vulnerability exists in firmware.Information is tampered with and service operation is interrupted (DoS) It may be in a state. MOXA TN-4900 is a series of industrial firewall routers produced by MOXA in China. MOXA TN-5900 is a series of industrial firewall routers produced by China MOXA Company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202308-2946",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tn-5900",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.3"
},
{
"model": "tn-4900",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.2.4"
},
{
"model": "tn-5900",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "tn-4900",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "tn-5900",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=3.3"
},
{
"model": "tn-4900",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=1.2.4"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-64094"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022441"
},
{
"db": "NVD",
"id": "CVE-2023-34216"
}
]
},
"cve": "CVE-2023-34216",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CNVD-2023-64094",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2023-34216",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2023-34216",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-34216",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "psirt@moxa.com",
"id": "CVE-2023-34216",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2023-34216",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2023-64094",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-64094"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022441"
},
{
"db": "NVD",
"id": "CVE-2023-34216"
},
{
"db": "NVD",
"id": "CVE-2023-34216"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability derives from insufficient input validation in the key-delete function, which could potentially allow malicious users to delete arbitrary files. Moxa Inc. of TN-5900 firmware and tn-4900 A path traversal vulnerability exists in firmware.Information is tampered with and service operation is interrupted (DoS) It may be in a state. MOXA TN-4900 is a series of industrial firewall routers produced by MOXA in China. MOXA TN-5900 is a series of industrial firewall routers produced by China MOXA Company",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-34216"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022441"
},
{
"db": "CNVD",
"id": "CNVD-2023-64094"
},
{
"db": "VULMON",
"id": "CVE-2023-34216"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-34216",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022441",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2023-64094",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-34216",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-64094"
},
{
"db": "VULMON",
"id": "CVE-2023-34216"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022441"
},
{
"db": "NVD",
"id": "CVE-2023-34216"
}
]
},
"id": "VAR-202308-2946",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-64094"
}
],
"trust": 1.27954546
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-64094"
}
]
},
"last_update_date": "2024-08-14T14:43:06.497000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for MOXA TN-4900 and TN-5900 Command Injection Vulnerability (CNVD-2023-64094)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/452571"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-64094"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.0
},
{
"problemtype": "Path traversal (CWE-22) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-022441"
},
{
"db": "NVD",
"id": "CVE-2023-34216"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-34216"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-64094"
},
{
"db": "VULMON",
"id": "CVE-2023-34216"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022441"
},
{
"db": "NVD",
"id": "CVE-2023-34216"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2023-64094"
},
{
"db": "VULMON",
"id": "CVE-2023-34216"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022441"
},
{
"db": "NVD",
"id": "CVE-2023-34216"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-08-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-64094"
},
{
"date": "2023-08-17T00:00:00",
"db": "VULMON",
"id": "CVE-2023-34216"
},
{
"date": "2024-01-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-022441"
},
{
"date": "2023-08-17T07:15:43.297000",
"db": "NVD",
"id": "CVE-2023-34216"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-08-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-64094"
},
{
"date": "2023-08-17T00:00:00",
"db": "VULMON",
"id": "CVE-2023-34216"
},
{
"date": "2024-01-23T04:07:00",
"db": "JVNDB",
"id": "JVNDB-2023-022441"
},
{
"date": "2023-08-23T15:08:57.020000",
"db": "NVD",
"id": "CVE-2023-34216"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa\u00a0Inc.\u00a0 of \u00a0TN-5900\u00a0 firmware and \u00a0tn-4900\u00a0 Path traversal vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-022441"
}
],
"trust": 0.8
}
}
var-202201-1815
Vulnerability from variot
The firmware on Moxa TN-5900 devices through 3.1 has a weak algorithm that allows an attacker to defeat an inspection mechanism for integrity protection. Moxa TN-5900 The firmware running on the device contains a cryptographic algorithm usage vulnerability.Information may be tampered with
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202201-1815",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tn-5900",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.1"
},
{
"model": "tn-5900",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": "tn-5900 firmware 3.1 to"
},
{
"model": "tn-5900",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-018128"
},
{
"db": "NVD",
"id": "CVE-2021-46559"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Matthew Bergin",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-2440"
}
],
"trust": 0.6
},
"cve": "CVE-2021-46559",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-46559",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-46559",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-46559",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-46559",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-46559",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202201-2440",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-018128"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-2440"
},
{
"db": "NVD",
"id": "CVE-2021-46559"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The firmware on Moxa TN-5900 devices through 3.1 has a weak algorithm that allows an attacker to defeat an inspection mechanism for integrity protection. Moxa TN-5900 The firmware running on the device contains a cryptographic algorithm usage vulnerability.Information may be tampered with",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-46559"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018128"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-46559",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2021-018128",
"trust": 0.8
},
{
"db": "CXSECURITY",
"id": "WLB-2022020008",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "165786",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202201-2440",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-018128"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-2440"
},
{
"db": "NVD",
"id": "CVE-2021-46559"
}
]
},
"id": "VAR-202201-1815",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.67954546
},
"last_update_date": "2024-11-23T23:07:29.393000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "TN-5900\u00a0Series\u00a0Secure\u00a0Routers\u00a0Vulnerabilities",
"trust": 0.8,
"url": "https://www.moxa.com/en/support/product-support/security-advisory/tn-5900-secure-routers-vulnerabilities"
},
{
"title": "Moxa Tn-5900 Fixes for encryption problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=180874"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-018128"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-2440"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-345",
"trust": 1.0
},
{
"problemtype": "Use of incomplete or dangerous cryptographic algorithms (CWE-327) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-018128"
},
{
"db": "NVD",
"id": "CVE-2021-46559"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://www.moxa.com/en/support/product-support/security-advisory/tn-5900-secure-routers-vulnerabilities"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46559"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/165786/moxa-tn-5900-firmware-upgrade-checksum-validation.html"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/issue/wlb-2022020008"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-018128"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-2440"
},
{
"db": "NVD",
"id": "CVE-2021-46559"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2021-018128"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-2440"
},
{
"db": "NVD",
"id": "CVE-2021-46559"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-018128"
},
{
"date": "2022-01-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202201-2440"
},
{
"date": "2022-01-26T02:15:07.317000",
"db": "NVD",
"id": "CVE-2021-46559"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-31T09:06:00",
"db": "JVNDB",
"id": "JVNDB-2021-018128"
},
{
"date": "2022-02-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202201-2440"
},
{
"date": "2024-11-21T06:34:19.620000",
"db": "NVD",
"id": "CVE-2021-46559"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-2440"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa\u00a0TN-5900\u00a0 Vulnerability in the use of cryptographic algorithms in the firmware running on the device",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-018128"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-2440"
}
],
"trust": 0.6
}
}
var-202308-2816
Vulnerability from variot
TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-delete function, which could potentially allow malicious users to delete arbitrary files. Moxa Inc. of TN-5900 firmware and tn-4900 A path traversal vulnerability exists in firmware.Information is tampered with and service operation is interrupted (DoS) It may be in a state. MOXA TN-4900 is a series of industrial firewall routers produced by MOXA in China. MOXA TN-5900 is a series of industrial firewall routers produced by China MOXA Company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202308-2816",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tn-5900",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.3"
},
{
"model": "tn-4900",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.2.4"
},
{
"model": "tn-5900",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "tn-4900",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "tn-5900",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=3.3"
},
{
"model": "tn-4900",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=1.2.4"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-64097"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022442"
},
{
"db": "NVD",
"id": "CVE-2023-34217"
}
]
},
"cve": "CVE-2023-34217",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CNVD-2023-64097",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2023-34217",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2023-34217",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-34217",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "psirt@moxa.com",
"id": "CVE-2023-34217",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2023-34217",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2023-64097",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-64097"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022442"
},
{
"db": "NVD",
"id": "CVE-2023-34217"
},
{
"db": "NVD",
"id": "CVE-2023-34217"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-delete function, which could potentially allow malicious users to delete arbitrary files. Moxa Inc. of TN-5900 firmware and tn-4900 A path traversal vulnerability exists in firmware.Information is tampered with and service operation is interrupted (DoS) It may be in a state. MOXA TN-4900 is a series of industrial firewall routers produced by MOXA in China. MOXA TN-5900 is a series of industrial firewall routers produced by China MOXA Company",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-34217"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022442"
},
{
"db": "CNVD",
"id": "CNVD-2023-64097"
},
{
"db": "VULMON",
"id": "CVE-2023-34217"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-34217",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022442",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2023-64097",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-34217",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-64097"
},
{
"db": "VULMON",
"id": "CVE-2023-34217"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022442"
},
{
"db": "NVD",
"id": "CVE-2023-34217"
}
]
},
"id": "VAR-202308-2816",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-64097"
}
],
"trust": 1.27954546
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-64097"
}
]
},
"last_update_date": "2024-08-14T13:19:59.214000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for MOXA TN-4900 and TN-5900 Command Injection Vulnerability (CNVD-2023-64097)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/452546"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-64097"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.0
},
{
"problemtype": "Path traversal (CWE-22) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-022442"
},
{
"db": "NVD",
"id": "CVE-2023-34217"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-34217"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-64097"
},
{
"db": "VULMON",
"id": "CVE-2023-34217"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022442"
},
{
"db": "NVD",
"id": "CVE-2023-34217"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2023-64097"
},
{
"db": "VULMON",
"id": "CVE-2023-34217"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022442"
},
{
"db": "NVD",
"id": "CVE-2023-34217"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-08-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-64097"
},
{
"date": "2023-08-17T00:00:00",
"db": "VULMON",
"id": "CVE-2023-34217"
},
{
"date": "2024-01-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-022442"
},
{
"date": "2023-08-17T07:15:43.383000",
"db": "NVD",
"id": "CVE-2023-34217"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-08-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-64097"
},
{
"date": "2023-08-17T00:00:00",
"db": "VULMON",
"id": "CVE-2023-34217"
},
{
"date": "2024-01-23T04:07:00",
"db": "JVNDB",
"id": "JVNDB-2023-022442"
},
{
"date": "2023-08-23T16:41:43.143000",
"db": "NVD",
"id": "CVE-2023-34217"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa\u00a0Inc.\u00a0 of \u00a0TN-5900\u00a0 firmware and \u00a0tn-4900\u00a0 Path traversal vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-022442"
}
],
"trust": 0.8
}
}
var-202308-2817
Vulnerability from variot
TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from inadequate input validation in the certificate management function, which could potentially allow malicious users to execute remote code on affected devices. Moxa Inc. (DoS) It may be in a state. MOXA TN-4900 is a series of industrial firewall routers produced by MOXA in China. MOXA TN-5900 is a series of industrial firewall routers produced by China MOXA Company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202308-2817",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tn-4900",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.2.4"
},
{
"model": "tn-5900",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.3"
},
{
"model": "tn-5900",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "tn-4900",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "tn-5900",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=3.3"
},
{
"model": "tn-4900",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=1.2.4"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-64096"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022079"
},
{
"db": "NVD",
"id": "CVE-2023-33238"
}
]
},
"cve": "CVE-2023-33238",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2023-64096",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2023-33238",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "psirt@moxa.com",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2023-33238",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2023-33238",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-33238",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "psirt@moxa.com",
"id": "CVE-2023-33238",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2023-33238",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2023-64096",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-64096"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022079"
},
{
"db": "NVD",
"id": "CVE-2023-33238"
},
{
"db": "NVD",
"id": "CVE-2023-33238"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from inadequate input validation in the certificate management function, which could potentially allow malicious users to execute remote code on affected devices. Moxa Inc. (DoS) It may be in a state. MOXA TN-4900 is a series of industrial firewall routers produced by MOXA in China. MOXA TN-5900 is a series of industrial firewall routers produced by China MOXA Company",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-33238"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022079"
},
{
"db": "CNVD",
"id": "CNVD-2023-64096"
},
{
"db": "VULMON",
"id": "CVE-2023-33238"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-33238",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022079",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2023-64096",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-33238",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-64096"
},
{
"db": "VULMON",
"id": "CVE-2023-33238"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022079"
},
{
"db": "NVD",
"id": "CVE-2023-33238"
}
]
},
"id": "VAR-202308-2817",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-64096"
}
],
"trust": 1.27954546
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-64096"
}
]
},
"last_update_date": "2024-10-28T22:54:22.967000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for MOXA TN-4900 and TN-5900 Command Injection Vulnerability (CNVD-2023-64096)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/452551"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-64096"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.0
},
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "Command injection (CWE-77) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-022079"
},
{
"db": "NVD",
"id": "CVE-2023-33238"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-33238"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-64096"
},
{
"db": "VULMON",
"id": "CVE-2023-33238"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022079"
},
{
"db": "NVD",
"id": "CVE-2023-33238"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2023-64096"
},
{
"db": "VULMON",
"id": "CVE-2023-33238"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022079"
},
{
"db": "NVD",
"id": "CVE-2023-33238"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-08-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-64096"
},
{
"date": "2023-08-17T00:00:00",
"db": "VULMON",
"id": "CVE-2023-33238"
},
{
"date": "2024-01-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-022079"
},
{
"date": "2023-08-17T03:15:09.377000",
"db": "NVD",
"id": "CVE-2023-33238"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-08-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-64096"
},
{
"date": "2023-08-17T00:00:00",
"db": "VULMON",
"id": "CVE-2023-33238"
},
{
"date": "2024-01-22T02:56:00",
"db": "JVNDB",
"id": "JVNDB-2023-022079"
},
{
"date": "2024-10-28T06:15:03.147000",
"db": "NVD",
"id": "CVE-2023-33238"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa\u00a0Inc.\u00a0 of \u00a0TN-5900\u00a0 firmware and \u00a0tn-4900\u00a0 Command injection vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-022079"
}
],
"trust": 0.8
}
}
var-202308-2891
Vulnerability from variot
TN-5900 Series firmware versions v3.3 and prior are vulnerable to command-injection vulnerability. This vulnerability stems from insufficient input validation and improper authentication in the key-generation function, which could potentially allow malicious users to execute remote code on affected devices. Moxa Inc. of TN-5900 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. MOXA TN-5900 is a series of industrial firewall routers produced by MOXA in China
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202308-2891",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tn-5900",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.3"
},
{
"model": "tn-5900",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "tn-5900",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "tn-5900",
"scope": "lte",
"trust": 0.8,
"vendor": "moxa",
"version": "tn-5900 firmware 3.3 and earlier"
},
{
"model": "tn-5900",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=3.3"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-64099"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022075"
},
{
"db": "NVD",
"id": "CVE-2023-34213"
}
]
},
"cve": "CVE-2023-34213",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2023-64099",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2023-34213",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "psirt@moxa.com",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2023-34213",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2023-34213",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-34213",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "psirt@moxa.com",
"id": "CVE-2023-34213",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2023-34213",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2023-64099",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-64099"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022075"
},
{
"db": "NVD",
"id": "CVE-2023-34213"
},
{
"db": "NVD",
"id": "CVE-2023-34213"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TN-5900 Series firmware versions v3.3 and prior are vulnerable to command-injection vulnerability. This vulnerability stems from insufficient input validation and improper authentication in the key-generation function, which could potentially allow malicious users to execute remote code on affected devices. Moxa Inc. of TN-5900 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. MOXA TN-5900 is a series of industrial firewall routers produced by MOXA in China",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-34213"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022075"
},
{
"db": "CNVD",
"id": "CNVD-2023-64099"
},
{
"db": "VULMON",
"id": "CVE-2023-34213"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-34213",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022075",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2023-64099",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-34213",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-64099"
},
{
"db": "VULMON",
"id": "CVE-2023-34213"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022075"
},
{
"db": "NVD",
"id": "CVE-2023-34213"
}
]
},
"id": "VAR-202308-2891",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-64099"
}
],
"trust": 1.27954546
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-64099"
}
]
},
"last_update_date": "2024-10-28T23:03:53.884000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for MOXA TN-5900 Command Injection Vulnerability (CNVD-2023-64099)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/452536"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-64099"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.0
},
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "Command injection (CWE-77) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-022075"
},
{
"db": "NVD",
"id": "CVE-2023-34213"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-34213"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-64099"
},
{
"db": "VULMON",
"id": "CVE-2023-34213"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022075"
},
{
"db": "NVD",
"id": "CVE-2023-34213"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2023-64099"
},
{
"db": "VULMON",
"id": "CVE-2023-34213"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022075"
},
{
"db": "NVD",
"id": "CVE-2023-34213"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-08-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-64099"
},
{
"date": "2023-08-17T00:00:00",
"db": "VULMON",
"id": "CVE-2023-34213"
},
{
"date": "2024-01-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-022075"
},
{
"date": "2023-08-17T03:15:09.663000",
"db": "NVD",
"id": "CVE-2023-34213"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-08-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-64099"
},
{
"date": "2023-08-17T00:00:00",
"db": "VULMON",
"id": "CVE-2023-34213"
},
{
"date": "2024-01-22T02:52:00",
"db": "JVNDB",
"id": "JVNDB-2023-022075"
},
{
"date": "2024-10-28T06:15:03.600000",
"db": "NVD",
"id": "CVE-2023-34213"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa\u00a0Inc.\u00a0 of \u00a0TN-5900\u00a0 Command injection vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-022075"
}
],
"trust": 0.8
}
}
var-202308-2748
Vulnerability from variot
TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-generation function, which could potentially allow malicious users to execute remote code on affected devices. Moxa Inc. of TN-5900 firmware and tn-4900 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. MOXA TN-4900 is a series of industrial firewall routers produced by China MOXA Company. MOXA TN-5900 is a series of industrial firewall routers produced by MOXA in China
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202308-2748",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tn-4900",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.2.4"
},
{
"model": "tn-5900",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.3"
},
{
"model": "tn-5900",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "tn-4900",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "tn-5900",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=3.3"
},
{
"model": "tn-4900",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=1.2.4"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-64098"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022069"
},
{
"db": "NVD",
"id": "CVE-2023-34214"
}
]
},
"cve": "CVE-2023-34214",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2023-64098",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2023-34214",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "psirt@moxa.com",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2023-34214",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2023-34214",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-34214",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "psirt@moxa.com",
"id": "CVE-2023-34214",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2023-34214",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2023-64098",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-64098"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022069"
},
{
"db": "NVD",
"id": "CVE-2023-34214"
},
{
"db": "NVD",
"id": "CVE-2023-34214"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-generation function, which could potentially allow malicious users to execute remote code on affected devices. Moxa Inc. of TN-5900 firmware and tn-4900 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. MOXA TN-4900 is a series of industrial firewall routers produced by China MOXA Company. MOXA TN-5900 is a series of industrial firewall routers produced by MOXA in China",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-34214"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022069"
},
{
"db": "CNVD",
"id": "CNVD-2023-64098"
},
{
"db": "VULMON",
"id": "CVE-2023-34214"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-34214",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022069",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2023-64098",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-34214",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-64098"
},
{
"db": "VULMON",
"id": "CVE-2023-34214"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022069"
},
{
"db": "NVD",
"id": "CVE-2023-34214"
}
]
},
"id": "VAR-202308-2748",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-64098"
}
],
"trust": 1.27954546
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-64098"
}
]
},
"last_update_date": "2024-10-28T22:58:07.793000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for MOXA TN-4900 and TN-5900 Command Injection Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/452541"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-64098"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.0
},
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "Command injection (CWE-77) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-022069"
},
{
"db": "NVD",
"id": "CVE-2023-34214"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-34214"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-64098"
},
{
"db": "VULMON",
"id": "CVE-2023-34214"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022069"
},
{
"db": "NVD",
"id": "CVE-2023-34214"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2023-64098"
},
{
"db": "VULMON",
"id": "CVE-2023-34214"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022069"
},
{
"db": "NVD",
"id": "CVE-2023-34214"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-08-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-64098"
},
{
"date": "2023-08-17T00:00:00",
"db": "VULMON",
"id": "CVE-2023-34214"
},
{
"date": "2024-01-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-022069"
},
{
"date": "2023-08-17T03:15:09.747000",
"db": "NVD",
"id": "CVE-2023-34214"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-08-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-64098"
},
{
"date": "2023-08-17T00:00:00",
"db": "VULMON",
"id": "CVE-2023-34214"
},
{
"date": "2024-01-22T02:52:00",
"db": "JVNDB",
"id": "JVNDB-2023-022069"
},
{
"date": "2024-10-28T06:15:03.760000",
"db": "NVD",
"id": "CVE-2023-34214"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa\u00a0Inc.\u00a0 of \u00a0TN-5900\u00a0 firmware and \u00a0tn-4900\u00a0 Command injection vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-022069"
}
],
"trust": 0.8
}
}
var-202307-0385
Vulnerability from variot
TN-5900 Series version 3.3 and prior versions is vulnearble to user enumeration vulnerability. The vulnerability may allow a remote attacker to determine whether a user is valid during password recovery through the web login page and enable a brute force attack with valid users. Moxa Inc. of TN-5900 An observable inconsistency vulnerability exists in firmware.Information may be obtained. Moxa Tn-5900 is a series of En50155 wall-mounted routers from MOXA Company in China
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202307-0385",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tn-5900",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.3"
},
{
"model": "tn-5900",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "tn-5900",
"scope": "eq",
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "tn-5900",
"scope": "lte",
"trust": 0.8,
"vendor": "moxa",
"version": "tn-5900 firmware 3.3 and earlier"
},
{
"model": "tn-5900",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=3.3"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-58299"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-014261"
},
{
"db": "NVD",
"id": "CVE-2023-3336"
}
]
},
"cve": "CVE-2023-3336",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2023-58299",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2023-3336",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2023-3336",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-3336",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "psirt@moxa.com",
"id": "CVE-2023-3336",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2023-3336",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2023-58299",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202307-165",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-58299"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-014261"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-165"
},
{
"db": "NVD",
"id": "CVE-2023-3336"
},
{
"db": "NVD",
"id": "CVE-2023-3336"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TN-5900 Series version 3.3 and prior versions is vulnearble to user enumeration vulnerability. The vulnerability may allow a remote attacker to determine whether a user is valid during password recovery through the web login page and enable a brute force attack with valid users. Moxa Inc. of TN-5900 An observable inconsistency vulnerability exists in firmware.Information may be obtained. Moxa Tn-5900 is a series of En50155 wall-mounted routers from MOXA Company in China",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-3336"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-014261"
},
{
"db": "CNVD",
"id": "CNVD-2023-58299"
},
{
"db": "VULMON",
"id": "CVE-2023-3336"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-3336",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2023-014261",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2023-58299",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202307-165",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-3336",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-58299"
},
{
"db": "VULMON",
"id": "CVE-2023-3336"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-014261"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-165"
},
{
"db": "NVD",
"id": "CVE-2023-3336"
}
]
},
"id": "VAR-202307-0385",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-58299"
}
],
"trust": 1.27954546
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-58299"
}
]
},
"last_update_date": "2024-08-14T15:41:41.540000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Moxa Tn-5900 User Enumeration Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/443381"
},
{
"title": "Moxa Tn-5900 Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=245209"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-58299"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-165"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-203",
"trust": 1.0
},
{
"problemtype": "CWE-204",
"trust": 1.0
},
{
"problemtype": "Observable discrepancy (CWE-203) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-014261"
},
{
"db": "NVD",
"id": "CVE-2023-3336"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230401-tn-5900-series-user-enumeration-vulnerability"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-3336"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-3336/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-58299"
},
{
"db": "VULMON",
"id": "CVE-2023-3336"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-014261"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-165"
},
{
"db": "NVD",
"id": "CVE-2023-3336"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2023-58299"
},
{
"db": "VULMON",
"id": "CVE-2023-3336"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-014261"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-165"
},
{
"db": "NVD",
"id": "CVE-2023-3336"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-07-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-58299"
},
{
"date": "2023-07-05T00:00:00",
"db": "VULMON",
"id": "CVE-2023-3336"
},
{
"date": "2023-12-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-014261"
},
{
"date": "2023-07-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202307-165"
},
{
"date": "2023-07-05T10:15:10.193000",
"db": "NVD",
"id": "CVE-2023-3336"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-07-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-58299"
},
{
"date": "2023-07-05T00:00:00",
"db": "VULMON",
"id": "CVE-2023-3336"
},
{
"date": "2023-12-22T08:14:00",
"db": "JVNDB",
"id": "JVNDB-2023-014261"
},
{
"date": "2023-07-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202307-165"
},
{
"date": "2023-07-10T23:37:04.847000",
"db": "NVD",
"id": "CVE-2023-3336"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202307-165"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa\u00a0Inc.\u00a0 of \u00a0TN-5900\u00a0 Observable inconsistency vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-014261"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202307-165"
}
],
"trust": 0.6
}
}
var-202308-2749
Vulnerability from variot
TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from insufficient input validation in the key-generation function, which could potentially allow malicious users to execute remote code on affected devices. Moxa Inc. (DoS) It may be in a state. MOXA TN-4900 is a series of industrial firewall routers produced by MOXA in China. MOXA TN-5900 is a series of industrial firewall routers produced by China MOXA Company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202308-2749",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tn-4900",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.2.4"
},
{
"model": "tn-5900",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "3.3"
},
{
"model": "tn-5900",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "tn-4900",
"scope": null,
"trust": 0.8,
"vendor": "moxa",
"version": null
},
{
"model": "tn-5900",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=3.3"
},
{
"model": "tn-4900",
"scope": "lte",
"trust": 0.6,
"vendor": "moxa",
"version": "\u003c=1.2.4"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-64095"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022068"
},
{
"db": "NVD",
"id": "CVE-2023-33239"
}
]
},
"cve": "CVE-2023-33239",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2023-64095",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2023-33239",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "psirt@moxa.com",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2023-33239",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2023-33239",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-33239",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "psirt@moxa.com",
"id": "CVE-2023-33239",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2023-33239",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2023-64095",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-64095"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022068"
},
{
"db": "NVD",
"id": "CVE-2023-33239"
},
{
"db": "NVD",
"id": "CVE-2023-33239"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from insufficient input validation in the key-generation function, which could potentially allow malicious users to execute remote code on affected devices. Moxa Inc. (DoS) It may be in a state. MOXA TN-4900 is a series of industrial firewall routers produced by MOXA in China. MOXA TN-5900 is a series of industrial firewall routers produced by China MOXA Company",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-33239"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022068"
},
{
"db": "CNVD",
"id": "CNVD-2023-64095"
},
{
"db": "VULMON",
"id": "CVE-2023-33239"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-33239",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022068",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2023-64095",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-33239",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-64095"
},
{
"db": "VULMON",
"id": "CVE-2023-33239"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022068"
},
{
"db": "NVD",
"id": "CVE-2023-33239"
}
]
},
"id": "VAR-202308-2749",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-64095"
}
],
"trust": 1.27954546
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-64095"
}
]
},
"last_update_date": "2024-10-28T23:09:42.420000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for MOXA TN-4900 and TN-5900 Command Injection Vulnerability (CNVD-2023-64095)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/452566"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-64095"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.0
},
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "Command injection (CWE-77) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-022068"
},
{
"db": "NVD",
"id": "CVE-2023-33239"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-33239"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-64095"
},
{
"db": "VULMON",
"id": "CVE-2023-33239"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022068"
},
{
"db": "NVD",
"id": "CVE-2023-33239"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2023-64095"
},
{
"db": "VULMON",
"id": "CVE-2023-33239"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-022068"
},
{
"db": "NVD",
"id": "CVE-2023-33239"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-08-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-64095"
},
{
"date": "2023-08-17T00:00:00",
"db": "VULMON",
"id": "CVE-2023-33239"
},
{
"date": "2024-01-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-022068"
},
{
"date": "2023-08-17T03:15:09.580000",
"db": "NVD",
"id": "CVE-2023-33239"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-08-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-64095"
},
{
"date": "2023-08-17T00:00:00",
"db": "VULMON",
"id": "CVE-2023-33239"
},
{
"date": "2024-01-22T02:52:00",
"db": "JVNDB",
"id": "JVNDB-2023-022068"
},
{
"date": "2024-10-28T06:15:03.393000",
"db": "NVD",
"id": "CVE-2023-33239"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa\u00a0Inc.\u00a0 of \u00a0TN-5900\u00a0 firmware and \u00a0tn-4900\u00a0 Command injection vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-022068"
}
],
"trust": 0.8
}
}
Vulnerability from fkie_nvd
Published
2022-01-26 02:15
Modified
2024-11-21 06:34
Severity ?
Summary
The firmware on Moxa TN-5900 devices through 3.1 has a weak algorithm that allows an attacker to defeat an inspection mechanism for integrity protection.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| moxa | tn-5900_firmware | * | |
| moxa | tn-5900 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:moxa:tn-5900_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6DACA5E6-073A-4EE8-A4FB-37B9A6BFE9E2",
"versionEndIncluding": "3.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:moxa:tn-5900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1E9F45-0ED4-4223-BC9B-D2E01A583DCA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The firmware on Moxa TN-5900 devices through 3.1 has a weak algorithm that allows an attacker to defeat an inspection mechanism for integrity protection."
},
{
"lang": "es",
"value": "El firmware de los dispositivos Moxa TN-5900 versiones hasta 3.1, presenta un algoritmo d\u00e9bil que permite a un atacante vencer un mecanismo de inspecci\u00f3n para la protecci\u00f3n de la integridad"
}
],
"id": "CVE-2021-46559",
"lastModified": "2024-11-21T06:34:19.620",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-01-26T02:15:07.317",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/tn-5900-secure-routers-vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/tn-5900-secure-routers-vulnerabilities"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-345"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-01-26 02:15
Modified
2024-11-21 06:34
Severity ?
Summary
The firmware on Moxa TN-5900 devices through 3.1 allows command injection that could lead to device damage.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| moxa | tn-5900_firmware | * | |
| moxa | tn-5900 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:moxa:tn-5900_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6DACA5E6-073A-4EE8-A4FB-37B9A6BFE9E2",
"versionEndIncluding": "3.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:moxa:tn-5900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1E9F45-0ED4-4223-BC9B-D2E01A583DCA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The firmware on Moxa TN-5900 devices through 3.1 allows command injection that could lead to device damage."
},
{
"lang": "es",
"value": "El firmware de los dispositivos Moxa TN-5900 versiones hasta 3.1, permite una inyecci\u00f3n de comandos que podr\u00eda conllevar a da\u00f1os en el dispositivo"
}
],
"id": "CVE-2021-46560",
"lastModified": "2024-11-21T06:34:19.767",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-01-26T02:15:07.463",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/tn-5900-secure-routers-vulnerabilitiestxt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/tn-5900-secure-routers-vulnerabilitiestxt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-17 03:15
Modified
2024-11-21 08:05
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from inadequate input validation in the certificate management function, which could potentially allow malicious users to execute remote code on affected devices.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| moxa | tn-5900_firmware | * | |
| moxa | tn-5900 | - | |
| moxa | tn-4900_firmware | * | |
| moxa | tn-4900 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:moxa:tn-5900_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ABA65A45-A850-440B-8B4B-191D46059E71",
"versionEndIncluding": "3.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:moxa:tn-5900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1E9F45-0ED4-4223-BC9B-D2E01A583DCA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:moxa:tn-4900_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "442E0C68-A369-4079-86CC-0E63408C48E7",
"versionEndIncluding": "1.2.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:moxa:tn-4900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56CD9ADD-E963-42F4-A2E5-175A0D2EE8D0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from inadequate input validation in the certificate management function, which could potentially allow malicious users to execute remote code on affected devices."
}
],
"id": "CVE-2023-33238",
"lastModified": "2024-11-21T08:05:12.860",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "psirt@moxa.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-17T03:15:09.377",
"references": [
{
"source": "psirt@moxa.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
}
],
"sourceIdentifier": "psirt@moxa.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "psirt@moxa.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-17 02:15
Modified
2024-11-21 08:05
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
TN-5900 Series firmware version v3.3 and prior is vulnerable to improper-authentication vulnerability. This vulnerability arises from inadequate authentication measures implemented in the web API handler, allowing low-privileged APIs to execute restricted actions that only high-privileged APIs are allowed This presents a potential risk of unauthorized exploitation by malicious actors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| moxa | tn-5900_firmware | * | |
| moxa | tn-5900 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:moxa:tn-5900_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ABA65A45-A850-440B-8B4B-191D46059E71",
"versionEndIncluding": "3.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:moxa:tn-5900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1E9F45-0ED4-4223-BC9B-D2E01A583DCA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TN-5900 Series firmware version v3.3 and prior is vulnerable to improper-authentication vulnerability. This vulnerability arises from inadequate authentication measures implemented in the web API handler, allowing low-privileged APIs to execute restricted actions that only high-privileged APIs are allowed This presents a potential risk of unauthorized exploitation by malicious actors."
}
],
"id": "CVE-2023-33237",
"lastModified": "2024-11-21T08:05:12.713",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "psirt@moxa.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-17T02:15:41.177",
"references": [
{
"source": "psirt@moxa.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
}
],
"sourceIdentifier": "psirt@moxa.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "psirt@moxa.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-17 07:15
Modified
2024-11-21 08:06
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Summary
TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-delete function, which could potentially allow malicious users to delete arbitrary files.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| moxa | tn-5900_firmware | * | |
| moxa | tn-5900 | - | |
| moxa | tn-4900_firmware | * | |
| moxa | tn-4900 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:moxa:tn-5900_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ABA65A45-A850-440B-8B4B-191D46059E71",
"versionEndIncluding": "3.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:moxa:tn-5900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1E9F45-0ED4-4223-BC9B-D2E01A583DCA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:moxa:tn-4900_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "442E0C68-A369-4079-86CC-0E63408C48E7",
"versionEndIncluding": "1.2.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:moxa:tn-4900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56CD9ADD-E963-42F4-A2E5-175A0D2EE8D0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-delete function, which could potentially allow malicious users to delete arbitrary files. "
}
],
"id": "CVE-2023-34217",
"lastModified": "2024-11-21T08:06:47.410",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "psirt@moxa.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-17T07:15:43.383",
"references": [
{
"source": "psirt@moxa.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
}
],
"sourceIdentifier": "psirt@moxa.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "psirt@moxa.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-17 07:15
Modified
2024-11-21 08:06
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation and improper authentication in the certification-generation function, which could potentially allow malicious users to execute remote code on affected devices.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| moxa | tn-5900_firmware | * | |
| moxa | tn-5900 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:moxa:tn-5900_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ABA65A45-A850-440B-8B4B-191D46059E71",
"versionEndIncluding": "3.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:moxa:tn-5900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1E9F45-0ED4-4223-BC9B-D2E01A583DCA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation and improper authentication in the certification-generation function, which could potentially allow malicious users to execute remote code on affected devices."
}
],
"id": "CVE-2023-34215",
"lastModified": "2024-11-21T08:06:47.147",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "psirt@moxa.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-17T07:15:42.333",
"references": [
{
"source": "psirt@moxa.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
}
],
"sourceIdentifier": "psirt@moxa.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "psirt@moxa.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-17 03:15
Modified
2024-11-21 08:06
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-generation function, which could potentially allow malicious users to execute remote code on affected devices.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| moxa | tn-5900_firmware | * | |
| moxa | tn-5900 | - | |
| moxa | tn-4900_firmware | * | |
| moxa | tn-4900 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:moxa:tn-5900_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ABA65A45-A850-440B-8B4B-191D46059E71",
"versionEndIncluding": "3.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:moxa:tn-5900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1E9F45-0ED4-4223-BC9B-D2E01A583DCA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:moxa:tn-4900_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "442E0C68-A369-4079-86CC-0E63408C48E7",
"versionEndIncluding": "1.2.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:moxa:tn-4900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56CD9ADD-E963-42F4-A2E5-175A0D2EE8D0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-generation function, which could potentially allow malicious users to execute remote code on affected devices."
}
],
"id": "CVE-2023-34214",
"lastModified": "2024-11-21T08:06:47.010",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "psirt@moxa.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-17T03:15:09.747",
"references": [
{
"source": "psirt@moxa.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
}
],
"sourceIdentifier": "psirt@moxa.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "psirt@moxa.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-17 03:15
Modified
2024-11-21 08:06
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
TN-5900 Series firmware versions v3.3 and prior are vulnerable to command-injection vulnerability. This vulnerability stems from insufficient input validation and improper authentication in the key-generation function, which could potentially allow malicious users to execute remote code on affected devices.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| moxa | tn-5900_firmware | * | |
| moxa | tn-5900 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:moxa:tn-5900_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ABA65A45-A850-440B-8B4B-191D46059E71",
"versionEndIncluding": "3.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:moxa:tn-5900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1E9F45-0ED4-4223-BC9B-D2E01A583DCA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TN-5900 Series firmware versions v3.3 and prior are vulnerable to command-injection vulnerability. This vulnerability stems from insufficient input validation and improper authentication in the key-generation function, which could potentially allow malicious users to execute remote code on affected devices."
}
],
"id": "CVE-2023-34213",
"lastModified": "2024-11-21T08:06:46.863",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "psirt@moxa.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-17T03:15:09.663",
"references": [
{
"source": "psirt@moxa.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
}
],
"sourceIdentifier": "psirt@moxa.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "psirt@moxa.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-17 07:15
Modified
2024-11-21 08:06
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Summary
TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability derives from insufficient input validation in the key-delete function, which could potentially allow malicious users to delete arbitrary files.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| moxa | tn-5900_firmware | * | |
| moxa | tn-5900 | - | |
| moxa | tn-4900_firmware | * | |
| moxa | tn-4900 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:moxa:tn-5900_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ABA65A45-A850-440B-8B4B-191D46059E71",
"versionEndIncluding": "3.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:moxa:tn-5900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1E9F45-0ED4-4223-BC9B-D2E01A583DCA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:moxa:tn-4900_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "442E0C68-A369-4079-86CC-0E63408C48E7",
"versionEndIncluding": "1.2.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:moxa:tn-4900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56CD9ADD-E963-42F4-A2E5-175A0D2EE8D0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability derives from insufficient input validation in the key-delete function, which could potentially allow malicious users to delete arbitrary files. "
}
],
"id": "CVE-2023-34216",
"lastModified": "2024-11-21T08:06:47.280",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "psirt@moxa.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-17T07:15:43.297",
"references": [
{
"source": "psirt@moxa.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
}
],
"sourceIdentifier": "psirt@moxa.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "psirt@moxa.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-05 10:15
Modified
2024-11-21 08:17
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
TN-5900 Series version 3.3 and prior versions is vulnearble to user enumeration vulnerability. The vulnerability may allow a remote attacker to determine whether a user is valid during password recovery through the web login page and enable a brute force attack with valid users.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| moxa | tn-5900_firmware | * | |
| moxa | tn-5900 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:moxa:tn-5900_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ABA65A45-A850-440B-8B4B-191D46059E71",
"versionEndIncluding": "3.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:moxa:tn-5900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1E9F45-0ED4-4223-BC9B-D2E01A583DCA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TN-5900 Series version 3.3 and prior versions is vulnearble to user enumeration vulnerability. The vulnerability may allow a remote attacker to determine whether a user is valid during password recovery through the web login page and enable a brute force attack with valid users.\n\n"
}
],
"id": "CVE-2023-3336",
"lastModified": "2024-11-21T08:17:02.610",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "psirt@moxa.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-05T10:15:10.193",
"references": [
{
"source": "psirt@moxa.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230401-tn-5900-series-user-enumeration-vulnerability"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230401-tn-5900-series-user-enumeration-vulnerability"
}
],
"sourceIdentifier": "psirt@moxa.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-204"
}
],
"source": "psirt@moxa.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-17 03:15
Modified
2024-11-21 08:05
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from insufficient input validation in the key-generation function, which could potentially allow malicious users to execute remote code on affected devices.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| moxa | tn-5900_firmware | * | |
| moxa | tn-5900 | - | |
| moxa | tn-4900_firmware | * | |
| moxa | tn-4900 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:moxa:tn-5900_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ABA65A45-A850-440B-8B4B-191D46059E71",
"versionEndIncluding": "3.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:moxa:tn-5900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1E9F45-0ED4-4223-BC9B-D2E01A583DCA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:moxa:tn-4900_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "442E0C68-A369-4079-86CC-0E63408C48E7",
"versionEndIncluding": "1.2.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:moxa:tn-4900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56CD9ADD-E963-42F4-A2E5-175A0D2EE8D0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from insufficient input validation in the key-generation function, which could potentially allow malicious users to execute remote code on affected devices."
}
],
"id": "CVE-2023-33239",
"lastModified": "2024-11-21T08:05:13.020",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "psirt@moxa.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-17T03:15:09.580",
"references": [
{
"source": "psirt@moxa.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
}
],
"sourceIdentifier": "psirt@moxa.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "psirt@moxa.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2023-34216 (GCVE-0-2023-34216)
Vulnerability from cvelistv5
Published
2023-08-17 06:41
Modified
2024-10-08 14:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability derives from insufficient input validation in the key-delete function, which could potentially allow malicious users to delete arbitrary files.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Moxa | TN-5900 Series |
Version: 1.0 < |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:01:54.247Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34216",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T14:06:50.997727Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T14:10:45.108Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "TN-5900 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TN-4900 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "1.2.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDR-G902 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.7.17",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDR-G903 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.7.15",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDR-G9010 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "2.1",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NAT-102 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "1.0.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability derives from insufficient input validation in the key-delete function, which could potentially allow malicious users to delete arbitrary files. "
}
],
"value": "TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability derives from insufficient input validation in the key-delete function, which could potentially allow malicious users to delete arbitrary files. "
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-20T07:07:09.507Z",
"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"shortName": "Moxa"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:\u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cli\u003eTN-4900 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources\"\u003ev3.0 or higher.\u003c/a\u003e\u003c/li\u003e\u003cli\u003eTN-5900 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources\"\u003ev3.4 or higher.\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-G902 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g902-series?#resources\"\u003ev5.7.21 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-G903 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g903-series#resources\"\u003ev5.7.21 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-G9010 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g9010-series#resources\"\u003ev3.0 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNAT-102 Series: Please upgrade to firmware \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/nat-102-series#resources\"\u003ev1.0.5 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:\n * * TN-4900 Series: Please upgrade to firmware v3.0 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources \n * TN-5900 Series: Please upgrade to firmware v3.4 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources \u00a0\n * EDR-G902 Series: Please upgrade to firmware v5.7.21 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g902-series \n * EDR-G903 Series: Please upgrade to firmware v5.7.21 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g903-series#resources \n * EDR-G9010 Series: Please upgrade to firmware v3.0 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g9010-series#resources \n * NAT-102 Series: Please upgrade to firmware v1.0.5 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/nat-102-series#resources \n\n\n\n\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Second Order Command-injection Vulnerability in the Key-delete Function",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"assignerShortName": "Moxa",
"cveId": "CVE-2023-34216",
"datePublished": "2023-08-17T06:41:41.568Z",
"dateReserved": "2023-05-31T08:58:06.149Z",
"dateUpdated": "2024-10-08T14:10:45.108Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-34217 (GCVE-0-2023-34217)
Vulnerability from cvelistv5
Published
2023-08-17 06:48
Modified
2024-10-02 19:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-delete function, which could potentially allow malicious users to delete arbitrary files.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Moxa | TN-5900 Series |
Version: 1.0 < |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:01:54.277Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34217",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T19:43:12.616230Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T19:58:00.223Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "TN-5900 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TN-4900 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "1.2.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDR-G902 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.7.17",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDR-G903 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.7.15",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDR-G9010 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "2.1",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NAT-102 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "1.0.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-delete function, which could potentially allow malicious users to delete arbitrary files. "
}
],
"value": "TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-delete function, which could potentially allow malicious users to delete arbitrary files. "
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-20T07:12:20.397Z",
"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"shortName": "Moxa"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:\u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cli\u003eTN-4900 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources\"\u003ev3.0 or higher.\u003c/a\u003e\u003c/li\u003e\u003cli\u003eTN-5900 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources\"\u003ev3.4 or higher.\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-G902 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g902-series?#resources\"\u003ev5.7.21 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-G903 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g903-series#resources\"\u003ev5.7.21 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-G9010 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g9010-series#resources\"\u003ev3.0 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNAT-102 Series: Please upgrade to firmware \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/nat-102-series#resources\"\u003ev1.0.5 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:\n * * TN-4900 Series: Please upgrade to firmware v3.0 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources \n * TN-5900 Series: Please upgrade to firmware v3.4 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources \u00a0\n * EDR-G902 Series: Please upgrade to firmware v5.7.21 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g902-series \n * EDR-G903 Series: Please upgrade to firmware v5.7.21 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g903-series#resources \n * EDR-G9010 Series: Please upgrade to firmware v3.0 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g9010-series#resources \n * NAT-102 Series: Please upgrade to firmware v1.0.5 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/nat-102-series#resources \n\n\n\n\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Second Order Command-injection Vulnerability in the Certificate-delete Function",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"assignerShortName": "Moxa",
"cveId": "CVE-2023-34217",
"datePublished": "2023-08-17T06:48:38.770Z",
"dateReserved": "2023-05-31T08:58:06.149Z",
"dateUpdated": "2024-10-02T19:58:00.223Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-34215 (GCVE-0-2023-34215)
Vulnerability from cvelistv5
Published
2023-08-17 06:35
Modified
2024-10-28 06:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation and improper authentication in the certification-generation function, which could potentially allow malicious users to execute remote code on affected devices.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Moxa | TN-5900 Series |
Version: 1.0 < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:01:54.350Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:moxa:tn-5900:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "tn-5900",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "3.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34215",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T17:28:17.506898Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T17:29:31.951Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "TN-5900 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eTN-5900 Series firmware versions\u003c/span\u003e \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ev3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation and improper authentication\u003c/span\u003e \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ein the certification\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e-\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003egeneration function, which could potentially allow malicious users to execute remote code on affected devices.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation and improper authentication in the certification-generation function, which could potentially allow malicious users to execute remote code on affected devices."
}
],
"impacts": [
{
"capecId": "CAPEC-248",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-248 Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T06:08:37.703Z",
"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"shortName": "Moxa"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below.\u003cbr\u003e\u003cul\u003e\u003cli\u003eTN-5900 Series: Please upgrade to firmware v3.4 or higher.\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below.\n * TN-5900 Series: Please upgrade to firmware v3.4 or higher."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Second Order Command-injection Vulnerability in the Certificate-generation Function",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"assignerShortName": "Moxa",
"cveId": "CVE-2023-34215",
"datePublished": "2023-08-17T06:35:06.293Z",
"dateReserved": "2023-05-31T08:58:06.149Z",
"dateUpdated": "2024-10-28T06:08:37.703Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-33237 (GCVE-0-2023-33237)
Vulnerability from cvelistv5
Published
2023-08-17 01:50
Modified
2024-10-28 06:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-863 - Incorrect Authorization
Summary
TN-5900 Series firmware version v3.3 and prior is vulnerable to improper-authentication vulnerability. This vulnerability arises from inadequate authentication measures implemented in the web API handler, allowing low-privileged APIs to execute restricted actions that only high-privileged APIs are allowed This presents a potential risk of unauthorized exploitation by malicious actors.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Moxa | TN-5900 Series |
Version: 1.0 < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:39:35.732Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:moxa:tn-5900:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tn-5900",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "3.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-33237",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T18:10:14.937858Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T18:11:57.333Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "TN-5900 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eTN-5900 Series firmware\u003c/span\u003e \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eversion v3.3 and prior is vulnerable to improper\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e-\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eauthentication vulnerability. This vulnerability arises from inadequate authentication measures implemented in the web API handler, allowing low-privileged APIs to execute restricted\u003c/span\u003e \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eactions that only high-privileged APIs\u003c/span\u003e \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eare allowed This presents a potential risk of unauthorized exploitation by malicious actors.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "TN-5900 Series firmware version v3.3 and prior is vulnerable to improper-authentication vulnerability. This vulnerability arises from inadequate authentication measures implemented in the web API handler, allowing low-privileged APIs to execute restricted actions that only high-privileged APIs are allowed This presents a potential risk of unauthorized exploitation by malicious actors."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T06:01:08.088Z",
"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"shortName": "Moxa"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:\u003cbr\u003e\u003cul\u003e\u003cli\u003eTN-5900 Series: Please upgrade to firmware v3.4 or higher.\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:\n * TN-5900 Series: Please upgrade to firmware v3.4 or higher."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Authentication Bypass Without Administrator Privilege",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"assignerShortName": "Moxa",
"cveId": "CVE-2023-33237",
"datePublished": "2023-08-17T01:50:53.625Z",
"dateReserved": "2023-05-19T02:30:16.483Z",
"dateUpdated": "2024-10-28T06:01:08.088Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-33238 (GCVE-0-2023-33238)
Vulnerability from cvelistv5
Published
2023-08-17 02:04
Modified
2024-10-28 06:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from inadequate input validation in the certificate management function, which could potentially allow malicious users to execute remote code on affected devices.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Moxa | TN-5900 Series |
Version: 1.0 < |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:39:35.932Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:moxa:tn-5900:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "tn-5900",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "3.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:moxa:tn-4900:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "tn-4900",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "1.2.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "edr-810",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "5.12.27",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:moxa:edr-g902:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "edr-g902",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "5.7.17",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:moxa:edr-g9010:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "edr-g9010",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "2.1",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:moxa:nat-102:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "nat-102",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "1.0.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-33238",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T18:05:51.367695Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T18:09:34.491Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "TN-5900 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TN-4900 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "1.2.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDR-810 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.12.27",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDR-G902 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.7.17",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDR-G903 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.7.15",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDR-G9010 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "2.1",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NAT-102 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "1.0.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eTN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from inadequate input validation in the certificate management function, which could potentially allow malicious users to execute remote code on affected devices.\u003c/p\u003e"
}
],
"value": "TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from inadequate input validation in the certificate management function, which could potentially allow malicious users to execute remote code on affected devices."
}
],
"impacts": [
{
"capecId": "CAPEC-248",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-248 Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T06:03:40.655Z",
"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"shortName": "Moxa"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:\u003cbr\u003e\u003cul\u003e\u003cli\u003eTN-4900 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources\"\u003ev3.0 or higher.\u003c/a\u003e\u003c/li\u003e\u003cli\u003eTN-5900 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources\"\u003ev3.4 or higher.\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-810 Series:\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-810-series#resources\"\u003ev5.12.29 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-G902 Series:\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g902-series?#resources\"\u003ev5.7.21 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-G903 Series:\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g903-series#resources\"\u003ev5.7.21 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-G9010 Series:\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g9010-series#resources\"\u003ev3.0 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNAT-102 Series:\u0026nbsp;Please upgrade to firmware\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/nat-102-series#resources\"\u003ev1.0.5 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:\n * TN-4900 Series: Please upgrade to firmware v3.0 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources \n * TN-5900 Series: Please upgrade to firmware v3.4 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources \u00a0\n * EDR-810 Series:\u00a0Please upgrade to firmware v5.12.29 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-810-series#resources \n * EDR-G902 Series:\u00a0Please upgrade to firmware v5.7.21 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g902-series \n * EDR-G903 Series:\u00a0Please upgrade to firmware v5.7.21 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g903-series#resources \n * EDR-G9010 Series:\u00a0Please upgrade to firmware v3.0 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g9010-series#resources \n * NAT-102 Series:\u00a0Please upgrade to firmware\u00a0 v1.0.5 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/nat-102-series#resources"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Command-injection Vulnerability in Certificate Management",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"assignerShortName": "Moxa",
"cveId": "CVE-2023-33238",
"datePublished": "2023-08-17T02:04:50.789Z",
"dateReserved": "2023-05-19T02:30:16.483Z",
"dateUpdated": "2024-10-28T06:03:40.655Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-33239 (GCVE-0-2023-33239)
Vulnerability from cvelistv5
Published
2023-08-17 02:13
Modified
2024-10-28 06:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from insufficient input validation in the key-generation function, which could potentially allow malicious users to execute remote code on affected devices.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Moxa | TN-5900 Series |
Version: 1.0 < |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:39:35.750Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:moxa:edr-g903:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "edr-g903",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "5.7.15",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:moxa:tn-5900:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "tn-5900",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "3.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:moxa:tn-4900:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "tn-4900",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "1.2.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "edr-810",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "5.12.27",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:moxa:edr-g902:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "edr-g902",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "5.7.17",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:moxa:edr-g9010:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "edr-g9010",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "2.1",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:moxa:nat-102:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "nat-102",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "1.0.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-33239",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T17:56:35.889846Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T18:03:33.908Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "TN-5900 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TN-4900 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "1.2.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDR-810 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.12.27",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDR-G902 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.7.17",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDR-G903 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.7.15",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDR-G9010 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "2.1",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NAT-102 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "1.0.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eTN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from insufficient input validation in the key-generation function, which could potentially allow malicious users to execute remote code on affected devices.\u003c/p\u003e"
}
],
"value": "TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from insufficient input validation in the key-generation function, which could potentially allow malicious users to execute remote code on affected devices."
}
],
"impacts": [
{
"capecId": "CAPEC-248",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-248 Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T06:04:52.923Z",
"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"shortName": "Moxa"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:\u003cul\u003e\u003cli\u003eTN-4900 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources\"\u003ev3.0 or higher.\u003c/a\u003e\u003c/li\u003e\u003cli\u003eTN-5900 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources\"\u003ev3.4 or higher.\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-810 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-810-series#resources\"\u003ev5.12.29 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-G902 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g902-series?#resources\"\u003ev5.7.21 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-G903 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g903-series#resources\"\u003ev5.7.21 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-G9010 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g9010-series#resources\"\u003ev3.0 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNAT-102 Series: Please upgrade to firmware \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/nat-102-series#resources\"\u003ev1.0.5 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below: * TN-4900 Series: Please upgrade to firmware v3.0 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources \n * TN-5900 Series: Please upgrade to firmware v3.4 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources \u00a0\n * EDR-810 Series: Please upgrade to firmware v5.12.29 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-810-series#resources \n * EDR-G902 Series: Please upgrade to firmware v5.7.21 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g902-series \n * EDR-G903 Series: Please upgrade to firmware v5.7.21 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g903-series#resources \n * EDR-G9010 Series: Please upgrade to firmware v3.0 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g9010-series#resources \n * NAT-102 Series: Please upgrade to firmware v1.0.5 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/nat-102-series#resources"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Second Order Command-injection Vulnerability in the Key-generation Function",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"assignerShortName": "Moxa",
"cveId": "CVE-2023-33239",
"datePublished": "2023-08-17T02:13:25.280Z",
"dateReserved": "2023-05-19T02:30:16.483Z",
"dateUpdated": "2024-10-28T06:04:52.923Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-34214 (GCVE-0-2023-34214)
Vulnerability from cvelistv5
Published
2023-08-17 02:26
Modified
2024-10-28 06:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-generation function, which could potentially allow malicious users to execute remote code on affected devices.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Moxa | TN-5900 Series |
Version: 1.0 < |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:01:54.270Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:moxa:tn-5900:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "tn-5900",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "3.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:moxa:tn-4900:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tn-4900",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "1.2.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "edr-810",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "5.12.27",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:moxa:edr-g902:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "edr-g902",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "5.7.17",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:moxa:edr-g903:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "edr-g903",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "5.7.15",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34214",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T17:30:32.666754Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T17:37:23.351Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "TN-5900 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TN-4900 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "1.2.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDR-810 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.12.27",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDR-G902 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.7.17",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDR-G903 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.7.15",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-generation function, which could potentially allow malicious users to execute remote code on affected devices."
}
],
"value": "TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-generation function, which could potentially allow malicious users to execute remote code on affected devices."
}
],
"impacts": [
{
"capecId": "CAPEC-248",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-248 Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T06:07:21.645Z",
"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"shortName": "Moxa"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:\u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cli\u003eTN-4900 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources\"\u003ev3.0 or higher.\u003c/a\u003e\u003c/li\u003e\u003cli\u003eTN-5900 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources\"\u003ev3.4 or higher.\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-810 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-810-series#resources\"\u003ev5.12.29 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-G902 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g902-series?#resources\"\u003ev5.7.21 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-G903 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g903-series#resources\"\u003ev5.7.21 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:\n * * TN-4900 Series: Please upgrade to firmware v3.0 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources \n * TN-5900 Series: Please upgrade to firmware v3.4 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources \u00a0\n * EDR-810 Series: Please upgrade to firmware v5.12.29 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-810-series#resources \n * EDR-G902 Series: Please upgrade to firmware v5.7.21 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g902-series \n * EDR-G903 Series: Please upgrade to firmware v5.7.21 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g903-series#resources"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Second Order Command-injection Vulnerability in the Certificate-generation Function",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"assignerShortName": "Moxa",
"cveId": "CVE-2023-34214",
"datePublished": "2023-08-17T02:26:05.428Z",
"dateReserved": "2023-05-31T08:58:06.149Z",
"dateUpdated": "2024-10-28T06:07:21.645Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3336 (GCVE-0-2023-3336)
Vulnerability from cvelistv5
Published
2023-07-05 09:11
Modified
2024-11-20 21:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-204 - Observable Response Discrepancy
Summary
TN-5900 Series version 3.3 and prior versions is vulnearble to user enumeration vulnerability. The vulnerability may allow a remote attacker to determine whether a user is valid during password recovery through the web login page and enable a brute force attack with valid users.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Moxa | TN-5900 Series |
Version: 1.0 < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:55:03.232Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230401-tn-5900-series-user-enumeration-vulnerability"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:moxa:tn-5900:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "tn-5900",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "3.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3336",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-20T21:21:42.598078Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T21:22:45.372Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "TN-5900 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eTN-5900 Series version 3.3 and prior versions is vulnearble to user enumeration vulnerability. The vulnerability may allow a remote attacker to determine whether a user is valid during password recovery through the web login page and enable a brute force attack with valid users.\u003c/p\u003e"
}
],
"value": "TN-5900 Series version 3.3 and prior versions is vulnearble to user enumeration vulnerability. The vulnerability may allow a remote attacker to determine whether a user is valid during password recovery through the web login page and enable a brute force attack with valid users.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-580",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-580 Application Footprinting"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-204",
"description": "CWE-204 Observable Response Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-08T03:48:54.395Z",
"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"shortName": "Moxa"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230401-tn-5900-series-user-enumeration-vulnerability"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for affected products are shown below:\u003cbr\u003e\u003cul\u003e\u003cli\u003eTN-5900 Series: Please upgrades to firmware version 3.4 or later.\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for affected products are shown below:\n * TN-5900 Series: Please upgrades to firmware version 3.4 or later.\n\n\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "TN-5900 Series User Enumeration Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"assignerShortName": "Moxa",
"cveId": "CVE-2023-3336",
"datePublished": "2023-07-05T09:11:54.255Z",
"dateReserved": "2023-06-20T08:08:16.510Z",
"dateUpdated": "2024-11-20T21:22:45.372Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-34213 (GCVE-0-2023-34213)
Vulnerability from cvelistv5
Published
2023-08-17 02:20
Modified
2024-10-28 06:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
TN-5900 Series firmware versions v3.3 and prior are vulnerable to command-injection vulnerability. This vulnerability stems from insufficient input validation and improper authentication in the key-generation function, which could potentially allow malicious users to execute remote code on affected devices.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Moxa | TN-5900 Series |
Version: 1.0 < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:01:54.235Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:moxa:tn-5900:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "tn-5900",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "3.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34213",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T17:42:41.686121Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T17:54:04.018Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "TN-5900 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eTN-5900 Series firmware versions v3.3 and prior are vulnerable to command-injection vulnerability. This vulnerability stems from insufficient input validation and improper authentication\u003c/span\u003e \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ein the key\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e-\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003egeneration function, which could potentially allow malicious users to execute remote code on affected devices.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "TN-5900 Series firmware versions v3.3 and prior are vulnerable to command-injection vulnerability. This vulnerability stems from insufficient input validation and improper authentication in the key-generation function, which could potentially allow malicious users to execute remote code on affected devices."
}
],
"impacts": [
{
"capecId": "CAPEC-248",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-248 Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T06:06:35.355Z",
"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"shortName": "Moxa"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below.\u003cbr\u003e\u003cul\u003e\u003cli\u003eTN-5900 Series: Please upgrade to firmware v3.4 or higher.\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below.\n * TN-5900 Series: Please upgrade to firmware v3.4 or higher."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Second Order Command-injection Vulnerability in the Key-generation Function",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"assignerShortName": "Moxa",
"cveId": "CVE-2023-34213",
"datePublished": "2023-08-17T02:20:20.289Z",
"dateReserved": "2023-05-31T08:58:06.148Z",
"dateUpdated": "2024-10-28T06:06:35.355Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-46559 (GCVE-0-2021-46559)
Vulnerability from cvelistv5
Published
2022-01-26 01:11
Modified
2024-08-04 05:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The firmware on Moxa TN-5900 devices through 3.1 has a weak algorithm that allows an attacker to defeat an inspection mechanism for integrity protection.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:10:35.328Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/tn-5900-secure-routers-vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The firmware on Moxa TN-5900 devices through 3.1 has a weak algorithm that allows an attacker to defeat an inspection mechanism for integrity protection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-26T01:11:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/tn-5900-secure-routers-vulnerabilities"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-46559",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The firmware on Moxa TN-5900 devices through 3.1 has a weak algorithm that allows an attacker to defeat an inspection mechanism for integrity protection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.moxa.com/en/support/product-support/security-advisory/tn-5900-secure-routers-vulnerabilities",
"refsource": "MISC",
"url": "https://www.moxa.com/en/support/product-support/security-advisory/tn-5900-secure-routers-vulnerabilities"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-46559",
"datePublished": "2022-01-26T01:11:00",
"dateReserved": "2022-01-26T00:00:00",
"dateUpdated": "2024-08-04T05:10:35.328Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-46560 (GCVE-0-2021-46560)
Vulnerability from cvelistv5
Published
2022-01-26 01:10
Modified
2024-08-04 05:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The firmware on Moxa TN-5900 devices through 3.1 allows command injection that could lead to device damage.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:10:35.193Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/tn-5900-secure-routers-vulnerabilitiestxt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The firmware on Moxa TN-5900 devices through 3.1 allows command injection that could lead to device damage."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-26T01:10:49",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/tn-5900-secure-routers-vulnerabilitiestxt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-46560",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The firmware on Moxa TN-5900 devices through 3.1 allows command injection that could lead to device damage."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.moxa.com/en/support/product-support/security-advisory/tn-5900-secure-routers-vulnerabilitiestxt",
"refsource": "MISC",
"url": "https://www.moxa.com/en/support/product-support/security-advisory/tn-5900-secure-routers-vulnerabilitiestxt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-46560",
"datePublished": "2022-01-26T01:10:49",
"dateReserved": "2022-01-26T00:00:00",
"dateUpdated": "2024-08-04T05:10:35.193Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}