CVE-2023-34216
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
33.0%
TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability derives from insufficient input validation in the key-delete function, which could potentially allow malicious users to delete arbitrary files.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| moxa | tn-5900_firmware | * | cpe:2.3:o:moxa:tn-5900_firmware:*:*:*:*:*:*:*:* |
| moxa | tn-5900 | - | cpe:2.3:h:moxa:tn-5900:-:*:*:*:*:*:*:* |
| moxa | tn-4900_firmware | * | cpe:2.3:o:moxa:tn-4900_firmware:*:*:*:*:*:*:*:* |
| moxa | tn-4900 | - | cpe:2.3:h:moxa:tn-4900:-:*:*:*:*:*:*:* |
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
33.0%