Authentication Bypass Without Administrator Privilege

Vulnerability

The TN-5900 Series firmware version v3.3 and prior contains an improper authentication vulnerability in the web API handler. Inadequate authentication checks allow low-privileged API endpoints to execute actions that should be restricted to high-privileged APIs. This affects all TN-5900 devices running firmware v3.3 and earlier. [1]

Exploitation

An attacker with network access to the device's web interface can exploit this by sending crafted API requests that bypass authentication checks. No prior authentication is required for low-privileged APIs, and the attacker can directly invoke restricted actions. The advisory does not detail specific steps but indicates the vulnerability is remotely exploitable. [1]

Impact

Successful exploitation allows an attacker to perform unauthorized actions that are normally reserved for high-privileged users, potentially leading to full device compromise, including configuration changes, data access, or disruption of services. The exact impact depends on the specific restricted actions exposed. [1]

Mitigation

Moxa has developed solutions but the advisory does not specify a fixed firmware version. Users should minimize network exposure of the device, ensure it is not accessible from the Internet, and use VPNs for remote access. Check Moxa's support portal for updated firmware. [1]