Overview
- Description
- TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from inadequate input validation in the certificate management function, which could potentially allow malicious users to execute remote code on affected devices.
- Source
- psirt@moxa.com
- NVD status
- Modified
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:moxa:tn-5900_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ABA65A45-A850-440B-8B4B-191D46059E71",
"versionEndIncluding": "3.3"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:moxa:tn-5900:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "7D1E9F45-0ED4-4223-BC9B-D2E01A583DCA"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:moxa:tn-4900_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "442E0C68-A369-4079-86CC-0E63408C48E7",
"versionEndIncluding": "1.2.4"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:moxa:tn-4900:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "56CD9ADD-E963-42F4-A2E5-175A0D2EE8D0"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]