Headline
CVE-2023-3336: TN-5900 Series User Enumeration Vulnerability
TN-5900 Series version 3.3 and prior versions is vulnearble to user enumeration vulnerability. The vulnerability may allow a remote attacker to determine whether a user is valid during password recovery through the web login page and enable a brute force attack with valid users.
As of June 15, 2022, this site no longer supports Internet Explorer. Please use another browser for the best experience on our site.
Please sign in
SUMMARY
TN-5900 Series User Enumeration Vulnerability
- Security Advisory ID: MPSA-230401
- Version: V1.0
- Release Date: Jul 03, 2023
- Reference:
- CVE-2023-3336
A user enumeration vulnerability exists in the TN-5900 Series. The vulnerability may allow a remote attacker to determine whether a user is valid during password recovery through the web login page and enable a brute force attack with valid users.
The identified vulnerability types and potential impacts are shown below:
Item
Vulnerability Type
Impact
1
CWE-204: Observable Response Discrepancy
An attacker located remotely can obtain sensitive information.
AFFECTED PRODUCTS AND SOLUTIONS
Affected Products:
The affected products and firmware versions are shown below.
Product Series
Affected Versions
TN-5900 Series
Firmware version 3.3 and earlier
Solutions:
Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for affected products are shown below.
Products Confirmed Not Vulnerable:
Only products listed in the Affected Products section of this advisory are known to be affected by this vulnerability. Moxa has confirmed that this vulnerability does not affect the following products:
- TN-4900 Series
- EDR-810 Series
- EDR-G9010 Series
- EDR-G902 Series
- EDR-G903 Series
- NAT-102 Series
- Moxa Remote Connect Suite MRC-1002 Series
- OnCell 3120-LTE-1 Series
- OnCell 5104-HSPA Series
Revision History:
VERSION
DESCRIPTION
RELEASE DATE
1.0
First Release
July 3, 2023
Relevant Products
TN-5900 Series ·
Print this pageYou can manage and share your saved list in My Moxa
Related Advisories
- Multiple Routers Improper Input Validation Vulnerabilities
- TN-5916 Series Privilege Escalation Vulnerability
- Secure Router EDR and TN Series Improper Input Validation Vulnerabilities
- TN-5900 Series Secure Routers Vulnerabilities
- TN-5900 Series Secure Routers Vulnerability
Let’s get that fixed
If you are concerned about a potential cybersecurity vulnerability, please contact us and one of technical support staff will get in touch with you.
Report a Vulnerability
You have some items waiting in your bag; click here to finish your quote!
You are currently on the Global / English site.
Would you like to go to the site for your region?
Feedback