CVE-2021-32976

Moxa NPort IAW5000A-I/O Series Serial Device Server Stack-based Buffer Overflow

CVSS 9.8 CRITICALEPSS 2.6%CWE-121

In short

The web server in Moxa NPort IAW5000A-I/O devices has multiple memory vulnerabilities that let remote attackers crash the device or run malicious code without authentication.

Technical detail

Five stack-based buffer overflows in the built-in web server of NPort IAW5000A-I/O firmware ≤2.2 allow unauthenticated remote code execution and denial-of-service via malformed HTTP requests. The vulnerabilities enable attackers to overwrite stack memory and seize control of program execution.

Summary generated and translated by AI from the official description.

Five buffer overflows in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier may allow a remote attacker to initiate a denial-of-service attack and execute arbitrary code.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Moxa · NPort IAW5000A-I/O series firmware

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.cisa.gov/uscert/ics/advisories/icsa-21-187-01 https://www.moxa.com/en/support/product-support/security-advisory/nport-iaw5000a-io-serial-device-server-vulnerabilities