Moxa TN-5900 versions 3.1 and below suffer from an issue where a user who has authenticated to the management web application is able to leverage a command injection vulnerability in the p12 processing code of the certificate management function web_CERMGMTUpload.
35bd8ec3c5b38937aa9d5775e8ed2feaacd3dfed7c92d6ae96cb03bf16903bcb
Moxa TN-5900 versions 3.1.0 and below use an insecure method to validate firmware updates. A malicious user with access to the management interface can upload arbitrary code in a crafted
2ac55dc0e94a52eae63ae9272eda3788cbe1002c37fa22d4db10498c8ab74404