cvelistv5 - cve-2023-34217

▼	URL	Tags
	psirt@moxa.com	https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities	Patch, Vendor Advisory

▼	Vendor	Product
	Moxa	TN-5900 Series
	Moxa	TN-4900 Series
	Moxa	EDR-G902 Series
	Moxa	EDR-G903 Series
	Moxa	EDR-G9010 Series
	Moxa	NAT-102 Series

ghsa-9h45-q875-xxrx

Vulnerability from github

Published

2023-08-17 09:30

Modified

2024-04-04 07:01

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Details

TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-delete function, which could potentially allow malicious users to delete arbitrary files.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-34217"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-17T07:15:43Z",
    "severity": "HIGH"
  },
  "details": "TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-delete function, which could potentially allow malicious users to delete arbitrary files. ",
  "id": "GHSA-9h45-q875-xxrx",
  "modified": "2024-04-04T07:01:09Z",
  "published": "2023-08-17T09:30:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34217"
    },
    {
      "type": "WEB",
      "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

var-202308-2816

Vulnerability from variot

TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-delete function, which could potentially allow malicious users to delete arbitrary files. Moxa Inc. of TN-5900 firmware and tn-4900 A path traversal vulnerability exists in firmware.Information is tampered with and service operation is interrupted (DoS) It may be in a state. MOXA TN-4900 is a series of industrial firewall routers produced by MOXA in China. MOXA TN-5900 is a series of industrial firewall routers produced by China MOXA Company

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202308-2816",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "tn-5900",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "moxa",
        "version": "3.3"
      },
      {
        "model": "tn-4900",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "moxa",
        "version": "1.2.4"
      },
      {
        "model": "tn-5900",
        "scope": null,
        "trust": 0.8,
        "vendor": "moxa",
        "version": null
      },
      {
        "model": "tn-4900",
        "scope": null,
        "trust": 0.8,
        "vendor": "moxa",
        "version": null
      },
      {
        "model": "tn-5900",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "moxa",
        "version": "\u003c=3.3"
      },
      {
        "model": "tn-4900",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "moxa",
        "version": "\u003c=1.2.4"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-64097"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-022442"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-34217"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:moxa:tn-5900_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.3",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:moxa:tn-5900:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:moxa:tn-4900_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.2.4",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:moxa:tn-4900:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-34217"
      }
    ]
  },
  "cve": "CVE-2023-34217",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "id": "CNVD-2023-64097",
            "impactScore": 9.2,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.8,
            "impactScore": 5.2,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.1,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2023-34217",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2023-34217",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "psirt@moxa.com",
            "id": "CVE-2023-34217",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2023-64097",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-64097"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-022442"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-34217"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-34217"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-delete function, which could potentially allow malicious users to delete arbitrary files. Moxa Inc. of TN-5900 firmware and tn-4900 A path traversal vulnerability exists in firmware.Information is tampered with and service operation is interrupted (DoS) It may be in a state. MOXA TN-4900 is a series of industrial firewall routers produced by MOXA in China. MOXA TN-5900 is a series of industrial firewall routers produced by China MOXA Company",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-34217"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-022442"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2023-64097"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-34217"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2023-34217",
        "trust": 3.3
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-022442",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2023-64097",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-34217",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-64097"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-34217"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-022442"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-34217"
      }
    ]
  },
  "id": "VAR-202308-2816",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-64097"
      }
    ],
    "trust": 1.01666666
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-64097"
      }
    ]
  },
  "last_update_date": "2024-01-24T22:48:35.816000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Patch for MOXA TN-4900 and TN-5900 Command Injection Vulnerability (CNVD-2023-64097)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/452546"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-64097"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-22",
        "trust": 1.0
      },
      {
        "problemtype": "Path traversal (CWE-22) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-022442"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-34217"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-34217"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-64097"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-34217"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-022442"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-34217"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-64097"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-34217"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-022442"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-34217"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-08-21T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2023-64097"
      },
      {
        "date": "2023-08-17T00:00:00",
        "db": "VULMON",
        "id": "CVE-2023-34217"
      },
      {
        "date": "2024-01-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-022442"
      },
      {
        "date": "2023-08-17T07:15:43.383000",
        "db": "NVD",
        "id": "CVE-2023-34217"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-08-21T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2023-64097"
      },
      {
        "date": "2023-08-17T00:00:00",
        "db": "VULMON",
        "id": "CVE-2023-34217"
      },
      {
        "date": "2024-01-23T04:07:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-022442"
      },
      {
        "date": "2023-08-23T16:41:43.143000",
        "db": "NVD",
        "id": "CVE-2023-34217"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Moxa\u00a0Inc.\u00a0 of \u00a0TN-5900\u00a0 firmware and \u00a0tn-4900\u00a0 Path traversal vulnerability in firmware",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-022442"
      }
    ],
    "trust": 0.8
  }
}

wid-sec-w-2023-2089

Vulnerability from csaf_certbund

Published

2023-08-16 22:00

Modified

2023-08-16 22:00

Summary

Moxa Router: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Moxa Router sind Router für industrielle Anwendungen die darauf ausgelegt sind, in anspruchsvollen Umgebungen zuverlässige und sichere Netzwerkkonnektivität zu bieten.

Angriff

Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Moxa Router ausnutzen, uum beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu verursachen oder seine Privilegien zu erweitern.

Betroffene Betriebssysteme

- BIOS/Firmware

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Moxa Router sind Router f\u00fcr industrielle Anwendungen die darauf ausgelegt sind, in anspruchsvollen Umgebungen zuverl\u00e4ssige und sichere Netzwerkkonnektivit\u00e4t zu bieten.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Moxa Router ausnutzen, uum beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen oder seine Privilegien zu erweitern.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- BIOS/Firmware",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-2089 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2089.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-2089 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2089"
      },
      {
        "category": "external",
        "summary": "Moxa Security Advisories - MPSA-230402 vom 2023-08-16",
        "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
      }
    ],
    "source_lang": "en-US",
    "title": "Moxa Router: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-08-16T22:00:00.000+00:00",
      "generator": {
        "date": "2024-02-15T17:40:50.388+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.0"
        }
      },
      "id": "WID-SEC-W-2023-2089",
      "initial_release_date": "2023-08-16T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-08-16T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Moxa Router TN-4900 Series \u003c= 1.2.4",
                "product": {
                  "name": "Moxa Router TN-4900 Series \u003c= 1.2.4",
                  "product_id": "T029390",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:moxa:router:1.2.4::tn-4900_series"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Moxa Router TN-5900 Series \u003c 3.4",
                "product": {
                  "name": "Moxa Router TN-5900 Series \u003c 3.4",
                  "product_id": "T029391",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:moxa:router:3.4::tn-5900_series"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Router"
          }
        ],
        "category": "vendor",
        "name": "Moxa"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-34217",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in den Moxa Routern der TN-5900 und TN-4900 Serien. Diese Fehler sind auf eine unzureichende Eingabevalidierung zur\u00fcckzuf\u00fchren. Durch das Senden von manipulierten Eingaben an den Webdienst kann ein Angreifer diese Schwachstelle ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen oder seine Privilegien zu erweitern."
        }
      ],
      "product_status": {
        "last_affected": [
          "T029390"
        ]
      },
      "release_date": "2023-08-16T22:00:00Z",
      "title": "CVE-2023-34217"
    },
    {
      "cve": "CVE-2023-34216",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in den Moxa Routern der TN-5900 und TN-4900 Serien. Diese Fehler sind auf eine unzureichende Eingabevalidierung zur\u00fcckzuf\u00fchren. Durch das Senden von manipulierten Eingaben an den Webdienst kann ein Angreifer diese Schwachstelle ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen oder seine Privilegien zu erweitern."
        }
      ],
      "product_status": {
        "last_affected": [
          "T029390"
        ]
      },
      "release_date": "2023-08-16T22:00:00Z",
      "title": "CVE-2023-34216"
    },
    {
      "cve": "CVE-2023-34215",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in den Moxa Routern der TN-5900 und TN-4900 Serien. Diese Fehler sind auf eine unzureichende Eingabevalidierung zur\u00fcckzuf\u00fchren. Durch das Senden von manipulierten Eingaben an den Webdienst kann ein Angreifer diese Schwachstelle ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen oder seine Privilegien zu erweitern."
        }
      ],
      "product_status": {
        "last_affected": [
          "T029390"
        ]
      },
      "release_date": "2023-08-16T22:00:00Z",
      "title": "CVE-2023-34215"
    },
    {
      "cve": "CVE-2023-34214",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in den Moxa Routern der TN-5900 und TN-4900 Serien. Diese Fehler sind auf eine unzureichende Eingabevalidierung zur\u00fcckzuf\u00fchren. Durch das Senden von manipulierten Eingaben an den Webdienst kann ein Angreifer diese Schwachstelle ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen oder seine Privilegien zu erweitern."
        }
      ],
      "product_status": {
        "last_affected": [
          "T029390"
        ]
      },
      "release_date": "2023-08-16T22:00:00Z",
      "title": "CVE-2023-34214"
    },
    {
      "cve": "CVE-2023-34213",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in den Moxa Routern der TN-5900 und TN-4900 Serien. Diese Fehler sind auf eine unzureichende Eingabevalidierung zur\u00fcckzuf\u00fchren. Durch das Senden von manipulierten Eingaben an den Webdienst kann ein Angreifer diese Schwachstelle ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen oder seine Privilegien zu erweitern."
        }
      ],
      "product_status": {
        "last_affected": [
          "T029390"
        ]
      },
      "release_date": "2023-08-16T22:00:00Z",
      "title": "CVE-2023-34213"
    },
    {
      "cve": "CVE-2023-33239",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in den Moxa Routern der TN-5900 und TN-4900 Serien. Diese Fehler sind auf eine unzureichende Eingabevalidierung zur\u00fcckzuf\u00fchren. Durch das Senden von manipulierten Eingaben an den Webdienst kann ein Angreifer diese Schwachstelle ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen oder seine Privilegien zu erweitern."
        }
      ],
      "product_status": {
        "last_affected": [
          "T029390"
        ]
      },
      "release_date": "2023-08-16T22:00:00Z",
      "title": "CVE-2023-33239"
    },
    {
      "cve": "CVE-2023-33238",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in den Moxa Routern der TN-5900 und TN-4900 Serien. Diese Fehler sind auf eine unzureichende Eingabevalidierung zur\u00fcckzuf\u00fchren. Durch das Senden von manipulierten Eingaben an den Webdienst kann ein Angreifer diese Schwachstelle ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen oder seine Privilegien zu erweitern."
        }
      ],
      "product_status": {
        "last_affected": [
          "T029390"
        ]
      },
      "release_date": "2023-08-16T22:00:00Z",
      "title": "CVE-2023-33238"
    },
    {
      "cve": "CVE-2023-33237",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in den Moxa Routern der TN-5900 und TN-4900 Serien. Diese Fehler sind auf eine unzureichende Eingabevalidierung zur\u00fcckzuf\u00fchren. Durch das Senden von manipulierten Eingaben an den Webdienst kann ein Angreifer diese Schwachstelle ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen oder seine Privilegien zu erweitern."
        }
      ],
      "product_status": {
        "last_affected": [
          "T029390"
        ]
      },
      "release_date": "2023-08-16T22:00:00Z",
      "title": "CVE-2023-33237"
    }
  ]
}

gsd-2023-34217

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-delete function, which could potentially allow malicious users to delete arbitrary files.

Aliases

CVE-2023-34217

Aliases

CVE-2023-34217

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-34217",
    "id": "GSD-2023-34217"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-34217"
      ],
      "details": "TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-delete function, which could potentially allow malicious users to delete arbitrary files. ",
      "id": "GSD-2023-34217",
      "modified": "2023-12-13T01:20:30.359081Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@moxa.com",
        "ID": "CVE-2023-34217",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "TN-5900 Series",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "1.0",
                          "version_value": "3.3"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "TN-4900 Series",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "1.0",
                          "version_value": "1.2.4"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "EDR-G902 Series",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "1.0",
                          "version_value": "5.7.17"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "EDR-G903 Series",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "1.0",
                          "version_value": "5.7.15"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "EDR-G9010 Series",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "1.0",
                          "version_value": "2.1"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "NAT-102 Series",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "1.0",
                          "version_value": "1.0.3"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Moxa"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-delete function, which could potentially allow malicious users to delete arbitrary files. "
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-22",
                "lang": "eng",
                "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities",
            "refsource": "MISC",
            "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
          }
        ]
      },
      "solution": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:\u003cbr\u003e\u003cul\u003e\u003cli\u003e\u003cli\u003eTN-4900 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources\"\u003ev3.0 or higher.\u003c/a\u003e\u003c/li\u003e\u003cli\u003eTN-5900 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources\"\u003ev3.4 or higher.\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-G902 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g902-series?#resources\"\u003ev5.7.21 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-G903 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g903-series#resources\"\u003ev5.7.21 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEDR-G9010 Series: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePlease upgrade to firmware \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g9010-series#resources\"\u003ev3.0 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNAT-102 Series: Please upgrade to firmware \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/nat-102-series#resources\"\u003ev1.0.5 or higher.\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e"
            }
          ],
          "value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:\n  *    *  TN-4900 Series: Please upgrade to firmware  v3.0 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources \n  *  TN-5900 Series: Please upgrade to firmware  v3.4 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/en-50155-routers/tn-5900-series#resources \u00a0\n  *  EDR-G902 Series: Please upgrade to firmware  v5.7.21 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g902-series \n  *  EDR-G903 Series: Please upgrade to firmware  v5.7.21 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g903-series#resources \n  *  EDR-G9010 Series: Please upgrade to firmware  v3.0 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/edr-g9010-series#resources \n  *  NAT-102 Series: Please upgrade to firmware  v1.0.5 or higher. https://www.moxa.com/en/products/industrial-network-infrastructure/secure-routers/secure-routers/nat-102-series#resources \n\n\n\n\n"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:moxa:tn-5900_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.3",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:moxa:tn-5900:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:moxa:tn-4900_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.2.4",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:moxa:tn-4900:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@moxa.com",
          "ID": "CVE-2023-34217"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-delete function, which could potentially allow malicious users to delete arbitrary files. "
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-22"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.2
        }
      },
      "lastModifiedDate": "2023-08-23T16:41Z",
      "publishedDate": "2023-08-17T07:15Z"
    }
  }
}

cve-2023-34217

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature

Action not permitted

cve-2023-34217

Vulnerability from cvelistv5

ghsa-9h45-q875-xxrx

Vulnerability from github

var-202308-2816

Vulnerability from variot

wid-sec-w-2023-2089

Vulnerability from csaf_certbund

gsd-2023-34217

Vulnerability from gsd

Tags

Sightings

Nomenclature