VYPR
Unrated severity · NVD Advisory · Published Aug 17, 2023 · Updated Oct 28, 2024

Second Order Command-injection Vulnerability in the Key-generation Function

CVE-2023-33239

Description

TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to command injection. This vulnerability stems from insufficient input validation in the key-generation function, which could potentially allow malicious users to execute remote code on affected devices.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Command injection in Moxa TN-4900 and TN-5900 series web server key-generation function allows remote code execution.

Vulnerability

The command injection vulnerability resides in the key-generation function of the web server on Moxa TN-4900 Series (firmware version v1.2.4 and prior) and TN-5900 Series (firmware version v3.3 and prior) [1]. Insufficient input validation in this function allows an attacker to inject arbitrary operating system commands. The code path is reachable through the web interface without requiring authentication.

Exploitation

An attacker with network access to the affected device's web server can send a specially crafted request to the key-generation endpoint. No prior authentication or user interaction is required. The injected commands are executed with the privileges of the web server process.

Impact

Successful exploitation results in remote code execution on the device. The attacker can execute arbitrary commands, potentially leading to full compromise of the device, including data exfiltration, installation of malware, or disruption of operations.

Mitigation

As of the advisory publication date, Moxa has not released a firmware patch for this vulnerability [1]. Recommended mitigations include minimizing network exposure of the device and using VPNs for remote access [1]. Users should monitor Moxa's security advisory for future firmware updates.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

9
  • Moxa/TN-4900 Series (2 versions)
    • range: <=1.2.4 (no CPE)
    • range: 1.0 (no CPE)
  • Moxa/TN-5900 Series (2 versions)
    • range: <=3.3 (no CPE)
    • range: 1.0 (no CPE)
  • Moxa/EDR-810 Series
    • range: 1.0
  • Moxa/EDR-G9010 Series
    • range: 1.0
  • Moxa/EDR-G902
    • range: 1.0
  • Moxa/Edr G903
    • range: 1.0
  • Moxa/NAT-102 Series
    • range: 1.0

Patches

0

No patches discovered yet.

References

1
