VYPR
Unrated severity · NVD Advisory · Published Jul 5, 2023 · Updated Nov 20, 2024

TN-5900 Series User Enumeration Vulnerability

CVE-2023-3336

Description

TN-5900 Series version 3.3 and prior versions are vulnerable to a user enumeration vulnerability. The vulnerability may allow a remote attacker to determine whether a user is valid during password recovery through the web login page and enable a brute force attack with valid users.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

User enumeration vulnerability in TN-5900 Series firmware ≤3.3 allows remote attackers to identify valid users via password recovery, enabling brute-force attacks.

Vulnerability

The TN-5900 Series web login page contains a user enumeration vulnerability in the password recovery feature. Affected firmware versions are 3.3 and earlier. The issue is classified as CWE-204 (Observable Response Discrepancy), where the server returns different responses for valid and invalid usernames, allowing an attacker to determine which accounts exist [1].
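The response discrepancy described above, shown next to a uniform-response handler and a regression check that compares the two. This is an added, generic illustration, not Moxa firmware code or part of the advisory; the handler names, account store and messages are assumptions.

```python
import hashlib
import secrets

# Constructed account store; usernames and addresses are sample values.
USERS = {"admin": "admin@example.test", "operator": "ops@example.test"}
GENERIC = "If the account exists, recovery instructions have been sent."


def recover_vulnerable(username):
    """CWE-204 pattern: status and body depend on whether the user exists."""
    if username not in USERS:
        return 404, "Unknown user"
    return 200, "Recovery e-mail sent to " + USERS[username]


def recover_uniform(username, outbox):
    """Same status and body for every username; the difference stays server-side."""
    token = secrets.token_urlsafe(32)  # generated on both paths so the work is similar
    email = USERS.get(username)
    if email is not None:
        outbox.append((email, token))  # delivery happens out of band
    return 200, GENERIC


def response_fingerprint(response):
    """Reduce a (status, body) pair to the properties a client can observe."""
    status, body = response
    return status, len(body), hashlib.sha256(body.encode()).hexdigest()


def leaks_account_existence(handler, known_user, bogus_user):
    """Regression check: True if a real and a made-up user get different responses.

    Covers status and body only; timing differences need a separate measurement.
    """
    return response_fingerprint(handler(known_user)) != response_fingerprint(
        handler(bogus_user)
    )
```

A check like `leaks_account_existence` belongs in the test suite of any password recovery endpoint, run against an account known to exist and one known not to.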

Exploitation

An attacker with network access to the device's web interface can send password recovery requests for various usernames. By observing the response differences (e.g., error messages or timing), the attacker can compile a list of valid usernames without authentication. This enumeration step then enables targeted brute-force password attacks against the identified accounts [1].

Impact

Successful exploitation results in the disclosure of valid usernames, which is sensitive information. This information can be leveraged to perform brute-force attacks, potentially leading to unauthorized access to the device. The impact is primarily information disclosure and an increased risk of account compromise [1].

Mitigation

Moxa has developed solutions for the affected TN-5900 Series devices. Users should contact Moxa support or refer to the security advisory (MPSA-230401) for firmware update details. No specific fixed version is listed in the advisory. The TN-4900 Series and other products listed in the advisory are not affected [1].

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Moxa/TN-5900 Series · llm-create · 2 versions
    • (no CPE) range: <=3.3
    • (no CPE) range: 1.0

Patches

0

No patches discovered yet.

References

1
