VYPR
Unrated severity · NVD Advisory · Published Aug 17, 2023 · Updated Oct 28, 2024

Second Order Command-injection Vulnerability in the Key-generation Function

CVE-2023-34213

Description

TN-5900 Series firmware versions v3.3 and prior are vulnerable to a command-injection vulnerability. This vulnerability stems from insufficient input validation and improper authentication in the key-generation function, which could potentially allow malicious users to execute remote code on affected devices.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Command injection in TN-5900 Series firmware v3.3 and prior via key-generation function allows remote code execution.

Vulnerability

A command injection vulnerability exists in the key-generation function of TN-5900 Series firmware versions v3.3 and prior [1]. The flaw stems from insufficient input validation and improper authentication, allowing an attacker to inject arbitrary commands through the web server [1].

Exploitation

An attacker with network access to the affected device can send specially crafted requests to the key-generation endpoint without authentication [1]. By manipulating input parameters, arbitrary operating system commands can be injected and executed [1].

Impact

Successful exploitation enables remote code execution with the privileges of the web server, typically root or system-level access [1]. This compromises confidentiality, integrity, and availability of the device and potentially the network it serves.

Mitigation

Moxa has not yet released a fixed firmware version for TN-5900 Series [1]. As a workaround, minimize network exposure by ensuring the device is not accessible from the Internet, and use VPNs for remote access [1].

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Moxa/TN-5900 Series (llm-fuzzy): 2 versions
    <= 3.3 + 1 more
    • (no CPE) range: <= 3.3
    • (no CPE) range: 1.0

Patches

0

No patches discovered yet.

References

1
