CVE-2021-32974

Moxa NPort IAW5000A-I/O Series Serial Device Server Improper Input Validation

CVSS 9.8 CRITICALEPSS 2.6%CWE-20

In short

The Moxa NPort IAW5000A-I/O serial device server fails to properly check user input on its web interface, allowing remote attackers to run unauthorized commands on the device.

Technical detail

The built-in web server in Moxa NPort IAW5000A-I/O firmware ≤2.2 lacks proper input validation (CWE-20), enabling unauthenticated remote command execution via malicious web requests without requiring prior network access or credentials.

Summary generated and translated by AI from the official description.

Improper input validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier may allow a remote attacker to execute commands.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Moxa · NPort IAW5000A-I/O series firmware

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.cisa.gov/uscert/ics/advisories/icsa-21-187-01 https://www.moxa.com/en/support/product-support/security-advisory/nport-iaw5000a-io-serial-device-server-vulnerabilities