CVE-2021-32968

Moxa NPort IAW5000A-I/O Series Serial Device Server Classic Buffer Overflow

CVSS 7.5 HIGHEPSS 1.6%CWE-120

In short

The web server in Moxa NPort IAW5000A-I/O devices has buffer overflow flaws that can be exploited remotely to crash the device, making it unavailable. This is critical because these devices manage serial communications in industrial environments.

Technical detail

Two buffer overflow vulnerabilities (CWE-120) exist in the built-in web server of Moxa NPort IAW5000A-I/O Series firmware ≤2.2. A remote attacker can send specially crafted HTTP requests to trigger memory corruption, resulting in denial-of-service via device crash. No authentication is required for exploitation.

Summary generated and translated by AI from the official description.

Two buffer overflows in the built-in web server in Moxa NPort IAW5000A-I/O Series firmware version 2.2 or earlier may allow a remote attacker to cause a denial-of-service condition.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Moxa · NPort IAW5000A-I/O Series firmware

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.cisa.gov/uscert/ics/advisories/icsa-21-187-01 https://www.moxa.com/en/support/product-support/security-advisory/nport-iaw5000a-io-serial-device-server-vulnerabilities