Search criteria
9 vulnerabilities found for EDR-810 Series by Moxa
CVE-2025-0676 (GCVE-0-2025-0676)
Vulnerability from cvelistv5 – Published: 2025-04-02 06:32 – Updated: 2025-04-03 03:25
VLAI?
Title
Commend Injection Leading to Privilege Escalation
Summary
This vulnerability involves command injection in tcpdump within Moxa products, enabling an authenticated attacker with console access to exploit improper input validation to inject and execute systems commands. Successful exploitation could result in privilege escalation, allowing the attacker to gain root shell access and maintain persistent control over the device, potentially disrupting network services and affecting the availability of downstream systems that rely on its connectivity.
Severity ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Moxa | EDF-G1002-BP Series |
Affected:
1.0 , ≤ 3.14
(custom)
|
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
Credits
Rex Weng from Moxa's Product Security Center
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0676",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-02T16:22:10.644614Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-02T16:22:52.746Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EDF-G1002-BP Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.14",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDR-810 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.12.39",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDR-8010 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.14",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDR-G9004 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.14",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDR-G9010 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.14",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "OnCell G4302-LTE4 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.14",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TN-4900 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.14",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NAT-102 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.15",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Rex Weng from Moxa\u0027s Product Security Center"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThis vulnerability involves command injection in tcpdump within Moxa products, enabling an authenticated attacker with console access to exploit improper input validation to inject and execute systems commands. Successful exploitation could result in privilege escalation, allowing the attacker to gain root shell access and maintain persistent control over the device, potentially disrupting network services and affecting the availability of downstream systems that rely on its connectivity.\u003c/p\u003e"
}
],
"value": "This vulnerability involves command injection in tcpdump within Moxa products, enabling an authenticated attacker with console access to exploit improper input validation to inject and execute systems commands. Successful exploitation could result in privilege escalation, allowing the attacker to gain root shell access and maintain persistent control over the device, potentially disrupting network services and affecting the availability of downstream systems that rely on its connectivity."
}
],
"impacts": [
{
"capecId": "CAPEC-137",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-137 Parameter Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-03T03:25:39.962Z",
"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"shortName": "Moxa"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-259491-cve-2025-0676-command-injection-leading-to-privilege-escalation"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Moxa has developed appropriate solutions to address this vulnerability. For details on the affected products and their corresponding solutions, please refer to the Solutions section on our official Security Advisory webpage.\u003cbr\u003e"
}
],
"value": "Moxa has developed appropriate solutions to address this vulnerability. For details on the affected products and their corresponding solutions, please refer to the Solutions section on our official Security Advisory webpage."
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Commend Injection Leading to Privilege Escalation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"assignerShortName": "Moxa",
"cveId": "CVE-2025-0676",
"datePublished": "2025-04-02T06:32:27.898Z",
"dateReserved": "2025-01-23T15:47:52.112Z",
"dateUpdated": "2025-04-03T03:25:39.962Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0415 (GCVE-0-2025-0415)
Vulnerability from cvelistv5 – Published: 2025-04-02 06:22 – Updated: 2025-04-03 03:26
VLAI?
Title
Command Injection in NTP Setting
Summary
A remote attacker with web administrator privileges can exploit the device’s web interface to execute arbitrary system commands through the NTP settings. Successful exploitation may result in the device entering an infinite reboot loop, leading to a total or partial denial of connectivity for downstream systems that rely on its network services.
Severity ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Moxa | EDF-G1002-BP Series |
Affected:
1.0 , ≤ 3.14
(custom)
|
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0415",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-02T16:26:03.258921Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-02T16:26:48.256Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EDF-G1002-BP Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.14",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDR-810 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.12.39",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDR-8010 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.14",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDR-G9004 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.14",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDR-G9010 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.14",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "OnCell G4302-LTE4 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.14",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TN-4900 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.14",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NAT-102 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.15",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA remote attacker with web administrator privileges can exploit the device\u2019s web interface to execute arbitrary system commands through the NTP settings. \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSuccessful exploitation may result in the device entering an infinite reboot loop, leading to a total or partial denial of connectivity for downstream systems that rely on its network services.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A remote attacker with web administrator privileges can exploit the device\u2019s web interface to execute arbitrary system commands through the NTP settings. Successful exploitation may result in the device entering an infinite reboot loop, leading to a total or partial denial of connectivity for downstream systems that rely on its network services."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88: OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.2,
"baseSeverity": "CRITICAL",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-03T03:26:20.035Z",
"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"shortName": "Moxa"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-259491-cve-2025-0415-command-injection-leading-to-denial-of-service-(dos)"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Moxa has developed appropriate solutions to address this vulnerability. For details on the affected products and their corresponding solutions, please refer to the Solutions section on our official Security Advisory webpage."
}
],
"value": "Moxa has developed appropriate solutions to address this vulnerability. For details on the affected products and their corresponding solutions, please refer to the Solutions section on our official Security Advisory webpage."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Command Injection in NTP Setting",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"assignerShortName": "Moxa",
"cveId": "CVE-2025-0415",
"datePublished": "2025-04-02T06:22:11.432Z",
"dateReserved": "2025-01-13T06:32:19.363Z",
"dateUpdated": "2025-04-03T03:26:20.035Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9138 (GCVE-0-2024-9138)
Vulnerability from cvelistv5 – Published: 2025-01-03 08:14 – Updated: 2025-01-03 14:32
VLAI?
Title
Privilege Escalation in Cellular Router, Secure Router, and Network Security Appliances
Summary
Moxa’s cellular routers, secure routers, and network security appliances are affected by a high-severity vulnerability, CVE-2024-9138. This vulnerability involves hard-coded credentials, enabling an authenticated user to escalate privileges and gain root-level access to the system, posing a significant security risk.
Severity ?
CWE
- CWE-656 - Reliance on Security Through Obscurity
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Moxa | EDR-810 Series |
Affected:
1.0 , ≤ 5.12.37
(custom)
|
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Lars Haulin
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9138",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-03T14:32:27.077189Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-03T14:32:35.370Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EDR-810 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.12.37",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDR-8010 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.13.1",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDR-G902 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.7.25",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDR-G903 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.7.25",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDR-G9004 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.13.1",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDR-G9010 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.13.1",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDF-G1002-BP Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.13.1",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NAT-102 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "1.0.5",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "OnCell G4302-LTE4 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.13",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TN-4900 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.13",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lars Haulin"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMoxa\u2019s cellular routers, secure routers, and network security appliances are affected by a high-severity vulnerability, CVE-2024-9138. This vulnerability involves hard-coded credentials, enabling an authenticated user to escalate privileges and gain root-level access to the system, posing a significant security risk.\u003c/p\u003e"
}
],
"value": "Moxa\u2019s cellular routers, secure routers, and network security appliances are affected by a high-severity vulnerability, CVE-2024-9138. This vulnerability involves hard-coded credentials, enabling an authenticated user to escalate privileges and gain root-level access to the system, posing a significant security risk."
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37: Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-656",
"description": "CWE-656: Reliance on Security Through Obscurity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-03T08:14:31.588Z",
"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"shortName": "Moxa"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241155-privilege-escalation-and-os-command-injection-vulnerabilities-in-cellular-routers,-secure-routers,-and-netwo"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMoxa has developed appropriate solutions to address vulnerability. The solutions for the affected products are listed below.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eEDR-810 Series: Upgrade to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-810-series#resources\"\u003ethe firmware version 3.14\u003c/a\u003e\u0026nbsp;or later\u003c/li\u003e\u003cli\u003eEDR-8010 Series: Upgrade to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-8010-series#resources\"\u003ethe firmware version 3.14\u003c/a\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;or later\u003c/span\u003e\u003c/li\u003e\u003cli\u003eEDR-G902 Series: Upgrade to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g902-series#resources\"\u003ethe firmware version 3.14\u003c/a\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;or later\u003c/span\u003e\u003c/li\u003e\u003cli\u003eEDR-G903 Series: Upgrade to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g903-series#resources\"\u003ethe firmware version 3.14\u003c/a\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;or later\u003c/span\u003e\u003c/li\u003e\u003cli\u003eEDR-G9004 Series: Upgrade to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g9004-series#resources\"\u003ethe firmware version 3.14\u003c/a\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;or later\u003c/span\u003e\u003c/li\u003e\u003cli\u003eEDR-G9010 Series: Upgrade to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g9010-series#resources\"\u003ethe firmware version 3.14\u003c/a\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;or later\u003c/span\u003e\u003c/li\u003e\u003cli\u003eEDF-G1002-BP Series: Upgrade to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/network-security-appliance/edf-g1002-bp-series#resources\"\u003ethe firmware version 3.14\u003c/a\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;or later\u003c/span\u003e\u003c/li\u003e\u003cli\u003eNAT-102 Series: An official patch or firmware update is not currently available for this product. Please refer to the Mitigations section below for recommended measures to address the vulnerability.\u003c/li\u003e\u003cli\u003eOnCell G4302-LTE4 Series: Please contact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/support/support/technical-support\"\u003eMoxa Technical Support\u003c/a\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;for the security patch\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eTN-4900 Series:\u0026nbsp;Please contact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/support/support/technical-support\"\u003eMoxa Technical Support\u003c/a\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;for the security patch\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Moxa has developed appropriate solutions to address vulnerability. The solutions for the affected products are listed below.\n\n\n\n * EDR-810 Series: Upgrade to the firmware version 3.14 https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-810-series#resources \u00a0or later\n * EDR-8010 Series: Upgrade to the firmware version 3.14 https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-8010-series#resources \u00a0or later\n * EDR-G902 Series: Upgrade to the firmware version 3.14 https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g902-series#resources \u00a0or later\n * EDR-G903 Series: Upgrade to the firmware version 3.14 https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g903-series#resources \u00a0or later\n * EDR-G9004 Series: Upgrade to the firmware version 3.14 https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g9004-series#resources \u00a0or later\n * EDR-G9010 Series: Upgrade to the firmware version 3.14 https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g9010-series#resources \u00a0or later\n * EDF-G1002-BP Series: Upgrade to the firmware version 3.14 https://www.moxa.com/en/products/industrial-network-infrastructure/network-security-appliance/edf-g1002-bp-series#resources \u00a0or later\n * NAT-102 Series: An official patch or firmware update is not currently available for this product. Please refer to the Mitigations section below for recommended measures to address the vulnerability.\n * OnCell G4302-LTE4 Series: Please contact Moxa Technical Support https://www.moxa.com/support/support/technical-support \u00a0for the security patch\n * TN-4900 Series:\u00a0Please contact Moxa Technical Support https://www.moxa.com/support/support/technical-support \u00a0for the security patch"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Privilege Escalation in Cellular Router, Secure Router, and Network Security Appliances",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cul\u003e\u003cli\u003e\u003cp\u003eMinimize network exposure to ensure the device is not accessible from the Internet.\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eLimit SSH access to trusted IP addresses and networks using firewall rules or TCP wrappers.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eImplement IDS or Intrusion Prevention System (IPS) to detect and prevent exploitation attempts. These systems can provide an additional layer of defense by monitoring network traffic for signs of attacks.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "* Minimize network exposure to ensure the device is not accessible from the Internet.\n\n\n * Limit SSH access to trusted IP addresses and networks using firewall rules or TCP wrappers.\n\n\n * Implement IDS or Intrusion Prevention System (IPS) to detect and prevent exploitation attempts. These systems can provide an additional layer of defense by monitoring network traffic for signs of attacks."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"assignerShortName": "Moxa",
"cveId": "CVE-2024-9138",
"datePublished": "2025-01-03T08:14:31.588Z",
"dateReserved": "2024-09-24T07:11:41.549Z",
"dateUpdated": "2025-01-03T14:32:35.370Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9139 (GCVE-0-2024-9139)
Vulnerability from cvelistv5 – Published: 2024-10-14 08:20 – Updated: 2024-11-06 20:47
VLAI?
Title
OS Command Injection in Restricted Command
Summary
The affected product permits OS command injection through improperly restricted commands, potentially allowing attackers to execute arbitrary code.
Severity ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Moxa | EDR-8010 Series |
Affected:
1.0 , ≤ 3.12.1
(custom)
|
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
Credits
Lars Haulin
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:moxa:edr-8010_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "edr-8010_firmware",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "3.12.1",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:moxa:edr-g9004_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "edr-g9004_firmware",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "3.12.1",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:moxa:edr-g9010_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "edr-g9010_firmware",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "3.12.1",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:moxa:edf-g1002-bp_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "edf-g1002-bp_firmware",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "3.12.1",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:moxa:nat-102_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "nat-102_firmware",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "1.0.5",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:moxa:oncell_g4302-lte4_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "oncell_g4302-lte4_firmware",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "3.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:moxa:tn-4900_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tn-4900_firmware",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "3.6",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:moxa:edr-810_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "edr-810_firmware",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "5.12.33",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9139",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-14T15:23:34.875609Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T20:47:06.342Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EDR-8010 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12.1",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDR-G9004 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12.1",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDR-G9010 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12.1",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDF-G1002-BP Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.12.1",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NAT-102 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "1.0.5",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "OnCell G4302-LTE4 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TN-4900 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.6",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDR-810 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.12.33",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lars Haulin"
}
],
"datePublic": "2024-10-14T08:20:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe affected product permits OS command injection through improperly restricted commands, potentially allowing attackers to execute arbitrary code.\u003c/p\u003e"
}
],
"value": "The affected product permits OS command injection through improperly restricted commands, potentially allowing attackers to execute arbitrary code."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T06:39:57.957Z",
"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"shortName": "Moxa"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241154-missing-authentication-and-os-command-injection-vulnerabilities-in-routers-and-network-security-appliances"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMoxa has developed appropriate solutions to address the vulnerabilities. The solutions for the affected products are shown below.\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eEDR-8010 Series: Upgrade to the firmware version 3.13 or later version.\u003c/span\u003e\u003c/li\u003e\u003cli\u003eEDR-G9004 Series: Upgrade to the firmware version 3.13 or later version.\u003c/li\u003e\u003cli\u003eEDR-G9010 Series: Upgrade to the firmware version 3.13 or later version.\u003c/li\u003e\u003cli\u003eEDF-G1002-BP Series: Upgrade to the firmware version 3.13 or later version.\u003c/li\u003e\u003cli\u003eNAT-102 Series: Please contact Moxa Technical Support for the security patch.\u003c/li\u003e\u003cli\u003eOnCell G4302-LTE4 Series: Upgrade to the firmware version 3.13 or later version.\u003c/li\u003e\u003cli\u003eTN-4900 Series: Upgrade to the firmware version 3.13 or later version.\u003c/li\u003e\u003cli\u003eEDR-810 Series: Upgrade to the firmware version 5.12.37 or later version.\u003c/li\u003e\u003c/ol\u003e\u003cbr\u003e"
}
],
"value": "Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for the affected products are shown below.\n\n * EDR-8010 Series: Upgrade to the firmware version 3.13 or later version.\n * EDR-G9004 Series: Upgrade to the firmware version 3.13 or later version.\n * EDR-G9010 Series: Upgrade to the firmware version 3.13 or later version.\n * EDF-G1002-BP Series: Upgrade to the firmware version 3.13 or later version.\n * NAT-102 Series: Please contact Moxa Technical Support for the security patch.\n * OnCell G4302-LTE4 Series: Upgrade to the firmware version 3.13 or later version.\n * TN-4900 Series: Upgrade to the firmware version 3.13 or later version.\n * EDR-810 Series: Upgrade to the firmware version 5.12.37 or later version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "OS Command Injection in Restricted Command",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eMinimize network exposure to ensure the device is not accessible from the Internet.\u003c/li\u003e\u003cli\u003eLimit web access to trusted IP addresses and networks by using firewall rules or TCP wrappers.\u003c/li\u003e\u003cli\u003eImplement IDS or Intrusion Prevention System (IPS) to detect and prevent exploitation attempts. These systems can provide an additional layer of defense by monitoring network traffic for signs of attacks.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\n\n\n\u003cbr\u003e"
}
],
"value": "* Minimize network exposure to ensure the device is not accessible from the Internet.\n * Limit web access to trusted IP addresses and networks by using firewall rules or TCP wrappers.\n * Implement IDS or Intrusion Prevention System (IPS) to detect and prevent exploitation attempts. These systems can provide an additional layer of defense by monitoring network traffic for signs of attacks."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"assignerShortName": "Moxa",
"cveId": "CVE-2024-9139",
"datePublished": "2024-10-14T08:20:52.200Z",
"dateReserved": "2024-09-24T07:11:43.318Z",
"dateUpdated": "2024-11-06T20:47:06.342Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4452 (GCVE-0-2023-4452)
Vulnerability from cvelistv5 – Published: 2023-11-01 14:24 – Updated: 2024-09-06 18:51
VLAI?
Title
Web Server Buffer Overflow Vulnerability
Summary
A vulnerability has been identified in the EDR-810, EDR-G902, and EDR-G903 Series, making them vulnerable to the denial-of-service vulnerability. This vulnerability stems from insufficient input validation in the URI, potentially enabling malicious users to trigger the device reboot.
Severity ?
6.5 (Medium)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Moxa | EDR-810 Series |
Affected:
1.0 , ≤ 5.12.28
(custom)
|
||||||||||||
|
||||||||||||||
Credits
Zhiyuan Chen
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:24:04.727Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-234880-edr-810-g902-g903-series-web-server-buffer-overflow-vulnerability"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4452",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T15:46:43.241172Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T18:51:24.564Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EDR-810 Series ",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.12.28",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDR G902 Series ",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.7.20",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDR G903 Series ",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.7.20",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Zhiyuan Chen"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA vulnerability has been identified in the EDR-810, EDR-G902, and EDR-G903 Series, making them vulnerable to the denial-of-service vulnerability. This vulnerability stems from insufficient input validation in the URI, potentially enabling malicious users to trigger the device reboot. \u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A vulnerability has been identified in the EDR-810, EDR-G902, and EDR-G903 Series, making them vulnerable to the denial-of-service vulnerability. This vulnerability stems from insufficient input validation in the URI, potentially enabling malicious users to trigger the device reboot. \n"
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-01T14:24:05.658Z",
"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"shortName": "Moxa"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-234880-edr-810-g902-g903-series-web-server-buffer-overflow-vulnerability"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for affected products are shown below.\u003cbr\u003e\u003cul\u003e\u003cli\u003eEDR-810 Series: Please upgrade to firmware v5.12.29 or later\u003c/li\u003e\u003cli\u003eEDR-G902 Series: Please upgrade to firmware v5.7.21 or later\u003c/li\u003e\u003cli\u003eEDR-G903 Series: Please upgrade to firmware v5.7.21 or later\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for affected products are shown below.\n * EDR-810 Series: Please upgrade to firmware v5.12.29 or later\n * EDR-G902 Series: Please upgrade to firmware v5.7.21 or later\n * EDR-G903 Series: Please upgrade to firmware v5.7.21 or later\n\n\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Web Server Buffer Overflow Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"assignerShortName": "Moxa",
"cveId": "CVE-2023-4452",
"datePublished": "2023-11-01T14:24:05.658Z",
"dateReserved": "2023-08-21T03:25:47.608Z",
"dateUpdated": "2024-09-06T18:51:24.564Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-34214 (GCVE-0-2023-34214)
Vulnerability from cvelistv5 – Published: 2023-08-17 02:26 – Updated: 2024-10-28 06:07
VLAI?
Title
Second Order Command-injection Vulnerability in the Certificate-generation Function
Summary
TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-generation function, which could potentially allow malicious users to execute remote code on affected devices.
Severity ?
7.2 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Moxa | TN-5900 Series |
Affected:
1.0 , ≤ 3.3
(custom)
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:01:54.270Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:moxa:tn-5900:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "tn-5900",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "3.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:moxa:tn-4900:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tn-4900",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "1.2.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "edr-810",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "5.12.27",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:moxa:edr-g902:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "edr-g902",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "5.7.17",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:moxa:edr-g903:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "edr-g903",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "5.7.15",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34214",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T17:30:32.666754Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T17:37:23.351Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "TN-5900 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TN-4900 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "1.2.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDR-810 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.12.27",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDR-G902 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.7.17",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDR-G903 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.7.15",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-generation function, which could potentially allow malicious users to execute remote code on affected devices."
}
],
"value": "TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-generation function, which could potentially allow malicious users to execute remote code on affected devices."
}
],
"impacts": [
{
"capecId": "CAPEC-248",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-248 Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T06:07:21.645Z",
"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"shortName": "Moxa"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:\u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cli\u003eTN-4900 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources\"\u003ev3.0 or higher.\u003c/a\u003e\u003c/li\u003e\u003cli\u003eTN-5900 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources\"\u003ev3.4 or higher.\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-810 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-810-series#resources\"\u003ev5.12.29 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-G902 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g902-series?#resources\"\u003ev5.7.21 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-G903 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g903-series#resources\"\u003ev5.7.21 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:\n * * TN-4900 Series: Please upgrade to firmware v3.0 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources \n * TN-5900 Series: Please upgrade to firmware v3.4 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources \u00a0\n * EDR-810 Series: Please upgrade to firmware v5.12.29 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-810-series#resources \n * EDR-G902 Series: Please upgrade to firmware v5.7.21 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g902-series \n * EDR-G903 Series: Please upgrade to firmware v5.7.21 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g903-series#resources"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Second Order Command-injection Vulnerability in the Certificate-generation Function",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"assignerShortName": "Moxa",
"cveId": "CVE-2023-34214",
"datePublished": "2023-08-17T02:26:05.428Z",
"dateReserved": "2023-05-31T08:58:06.149Z",
"dateUpdated": "2024-10-28T06:07:21.645Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-33239 (GCVE-0-2023-33239)
Vulnerability from cvelistv5 – Published: 2023-08-17 02:13 – Updated: 2024-10-28 06:04
VLAI?
Title
Second Order Command-injection Vulnerability in the Key-generation Function
Summary
TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from insufficient input validation in the key-generation function, which could potentially allow malicious users to execute remote code on affected devices.
Severity ?
8.8 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Moxa | TN-5900 Series |
Affected:
1.0 , ≤ 3.3
(custom)
|
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:39:35.750Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:moxa:edr-g903:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "edr-g903",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "5.7.15",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:moxa:tn-5900:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "tn-5900",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "3.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:moxa:tn-4900:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "tn-4900",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "1.2.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "edr-810",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "5.12.27",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:moxa:edr-g902:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "edr-g902",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "5.7.17",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:moxa:edr-g9010:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "edr-g9010",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "2.1",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:moxa:nat-102:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "nat-102",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "1.0.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-33239",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T17:56:35.889846Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T18:03:33.908Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "TN-5900 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TN-4900 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "1.2.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDR-810 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.12.27",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDR-G902 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.7.17",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDR-G903 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.7.15",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDR-G9010 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "2.1",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NAT-102 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "1.0.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eTN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from insufficient input validation in the key-generation function, which could potentially allow malicious users to execute remote code on affected devices.\u003c/p\u003e"
}
],
"value": "TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from insufficient input validation in the key-generation function, which could potentially allow malicious users to execute remote code on affected devices."
}
],
"impacts": [
{
"capecId": "CAPEC-248",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-248 Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T06:04:52.923Z",
"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"shortName": "Moxa"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:\u003cul\u003e\u003cli\u003eTN-4900 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources\"\u003ev3.0 or higher.\u003c/a\u003e\u003c/li\u003e\u003cli\u003eTN-5900 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources\"\u003ev3.4 or higher.\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-810 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-810-series#resources\"\u003ev5.12.29 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-G902 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g902-series?#resources\"\u003ev5.7.21 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-G903 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g903-series#resources\"\u003ev5.7.21 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-G9010 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g9010-series#resources\"\u003ev3.0 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNAT-102 Series: Please upgrade to firmware \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/nat-102-series#resources\"\u003ev1.0.5 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below: * TN-4900 Series: Please upgrade to firmware v3.0 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources \n * TN-5900 Series: Please upgrade to firmware v3.4 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources \u00a0\n * EDR-810 Series: Please upgrade to firmware v5.12.29 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-810-series#resources \n * EDR-G902 Series: Please upgrade to firmware v5.7.21 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g902-series \n * EDR-G903 Series: Please upgrade to firmware v5.7.21 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g903-series#resources \n * EDR-G9010 Series: Please upgrade to firmware v3.0 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g9010-series#resources \n * NAT-102 Series: Please upgrade to firmware v1.0.5 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/nat-102-series#resources"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Second Order Command-injection Vulnerability in the Key-generation Function",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"assignerShortName": "Moxa",
"cveId": "CVE-2023-33239",
"datePublished": "2023-08-17T02:13:25.280Z",
"dateReserved": "2023-05-19T02:30:16.483Z",
"dateUpdated": "2024-10-28T06:04:52.923Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-33238 (GCVE-0-2023-33238)
Vulnerability from cvelistv5 – Published: 2023-08-17 02:04 – Updated: 2024-10-28 06:03
VLAI?
Title
Command-injection Vulnerability in Certificate Management
Summary
TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from inadequate input validation in the certificate management function, which could potentially allow malicious users to execute remote code on affected devices.
Severity ?
7.2 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Moxa | TN-5900 Series |
Affected:
1.0 , ≤ 3.3
(custom)
|
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:39:35.932Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:moxa:tn-5900:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "tn-5900",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "3.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:moxa:tn-4900:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "tn-4900",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "1.2.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "edr-810",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "5.12.27",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:moxa:edr-g902:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "edr-g902",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "5.7.17",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:moxa:edr-g9010:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "edr-g9010",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "2.1",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:moxa:nat-102:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "nat-102",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "1.0.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-33238",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T18:05:51.367695Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T18:09:34.491Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "TN-5900 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TN-4900 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "1.2.4",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDR-810 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.12.27",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDR-G902 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.7.17",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDR-G903 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "5.7.15",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EDR-G9010 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "2.1",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NAT-102 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "1.0.3",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eTN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from inadequate input validation in the certificate management function, which could potentially allow malicious users to execute remote code on affected devices.\u003c/p\u003e"
}
],
"value": "TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from inadequate input validation in the certificate management function, which could potentially allow malicious users to execute remote code on affected devices."
}
],
"impacts": [
{
"capecId": "CAPEC-248",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-248 Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T06:03:40.655Z",
"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"shortName": "Moxa"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:\u003cbr\u003e\u003cul\u003e\u003cli\u003eTN-4900 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources\"\u003ev3.0 or higher.\u003c/a\u003e\u003c/li\u003e\u003cli\u003eTN-5900 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources\"\u003ev3.4 or higher.\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-810 Series:\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-810-series#resources\"\u003ev5.12.29 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-G902 Series:\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g902-series?#resources\"\u003ev5.7.21 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-G903 Series:\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g903-series#resources\"\u003ev5.7.21 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-G9010 Series:\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g9010-series#resources\"\u003ev3.0 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNAT-102 Series:\u0026nbsp;Please upgrade to firmware\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/nat-102-series#resources\"\u003ev1.0.5 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:\n * TN-4900 Series: Please upgrade to firmware v3.0 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources \n * TN-5900 Series: Please upgrade to firmware v3.4 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources \u00a0\n * EDR-810 Series:\u00a0Please upgrade to firmware v5.12.29 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-810-series#resources \n * EDR-G902 Series:\u00a0Please upgrade to firmware v5.7.21 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g902-series \n * EDR-G903 Series:\u00a0Please upgrade to firmware v5.7.21 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g903-series#resources \n * EDR-G9010 Series:\u00a0Please upgrade to firmware v3.0 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g9010-series#resources \n * NAT-102 Series:\u00a0Please upgrade to firmware\u00a0 v1.0.5 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/nat-102-series#resources"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Command-injection Vulnerability in Certificate Management",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"assignerShortName": "Moxa",
"cveId": "CVE-2023-33238",
"datePublished": "2023-08-17T02:04:50.789Z",
"dateReserved": "2023-05-19T02:30:16.483Z",
"dateUpdated": "2024-10-28T06:03:40.655Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CERTFR-2025-AVI-0269
Vulnerability from certfr_avis - Published: 2025-04-02 - Updated: 2025-04-02
De multiples vulnérabilités ont été découvertes dans les produits Moxa. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Moxa | EDR-8010 Series | EDR-8010 Series versions de microgiciel antérieures à 3.17 | ||
| Moxa | EDR-810 Series | EDR-810 Series versions de microgiciel antérieures à 5.12.41 | ||
| Moxa | TN-4900 Series | TN-4900 Series sans les derniers correctifs de sécurité | ||
| Moxa | EDR-G9010 Series | EDR-G9010 Series sans les derniers correctifs de sécurité | ||
| Moxa | EDF-G1002-BP | EDF-G1002-BP Series versions de microgiciel antérieures à 3.17 | ||
| Moxa | OnCell G4302-LTE4 | OnCell G4302-LTE4 Series sans les derniers correctifs de sécurité | ||
| Moxa | EDR-G9004 Series | EDR-G9004 Series sans les derniers correctifs de sécurité |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "EDR-8010 Series versions de microgiciel ant\u00e9rieures \u00e0 3.17",
"product": {
"name": "EDR-8010 Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "EDR-810 Series versions de microgiciel ant\u00e9rieures \u00e0 5.12.41",
"product": {
"name": "EDR-810 Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "TN-4900 Series sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "TN-4900 Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "EDR-G9010 Series sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "EDR-G9010 Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "EDF-G1002-BP Series versions de microgiciel ant\u00e9rieures \u00e0 3.17",
"product": {
"name": "EDF-G1002-BP",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "OnCell G4302-LTE4 Series sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "OnCell G4302-LTE4",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "EDR-G9004 Series sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "EDR-G9004 Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-0415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0415"
},
{
"name": "CVE-2025-0676",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0676"
}
],
"initial_release_date": "2025-04-02T00:00:00",
"last_revision_date": "2025-04-02T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0269",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-04-02T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Moxa. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Moxa",
"vendor_advisories": [
{
"published_at": "2025-04-02",
"title": "Bulletin de s\u00e9curit\u00e9 Moxa mpsa-259491",
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-259491-cve-2025-0676-command-injection-leading-to-privilege-escalation"
},
{
"published_at": "2025-04-02",
"title": "Bulletin de s\u00e9curit\u00e9 Moxa mpsa-259491",
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-259491-cve-2025-0415-command-injection-leading-to-denial-of-service-(dos)"
}
]
}