Second Order Command-injection Vulnerability in the Certificate-generation Function
Description
TN-5900 Series firmware versions v3.3 and prior are vulnerable to a command-injection vulnerability. This vulnerability stems from insufficient input validation and improper authentication in the certification-generation function, which could potentially allow malicious users to execute remote code on affected devices.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Command injection in TN-5900 series certification generation function allows remote code execution due to insufficient input validation and improper authentication.
Vulnerability
The vulnerability exists in the certification-generation function of TN-5900 Series firmware versions v3.3 and prior. Insufficient input validation and improper authentication allow command injection, enabling remote code execution [1].
Exploitation
An attacker with network access to the device can send crafted requests to the certification-generation function without authentication. The lack of proper input validation allows injection of arbitrary commands, leading to remote code execution.
Impact
Successful exploitation allows an attacker to execute arbitrary commands on the affected device with elevated privileges, resulting in full compromise of confidentiality, integrity, and availability.
Mitigation
Moxa has developed firmware updates to address this vulnerability. Users should upgrade to the latest firmware version. As a workaround, minimize network exposure and use secure remote access methods such as VPNs [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- (no CPE) range: <=3.3
- (no CPE) range: 1.0
Patches
No patches discovered yet.
References
News mentions
No linked articles in our index yet.