CVE-2021-32970

Moxa NPort IAW5000A-I/O Series Serial Device Server Improper Input Validation

CVSS 7.5 HIGHEPSS 1.6%CWE-20

In short

The Moxa NPort IAW5000A-I/O serial device server's web interface does not properly validate incoming data, allowing remote attackers to send malicious requests that crash or disable the device.

Technical detail

The built-in web server in firmware 2.2 and earlier fails to validate user-supplied input before processing, enabling a remote unauthenticated attacker to trigger a denial-of-service condition through crafted network requests without requiring prior access or special configuration.

Summary generated and translated by AI from the official description.

Data can be copied without validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier, which may allow a remote attacker to cause denial-of-service conditions.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Moxa · NPort IAW5000A-I/O series firmware

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.cisa.gov/uscert/ics/advisories/icsa-21-187-01 https://www.moxa.com/en/support/product-support/security-advisory/nport-iaw5000a-io-serial-device-server-vulnerabilities