Maksim Khazov

**Name of the Vulnerable Software and Affected Versions** Moxa NPort W2x50A products with firmware prior to 2.2 Build 18082311 **Description** An exploitable authenticated command-injection issue exists in the web server functionality. A specially crafted HTTP POST request to "/goform/net WebPingGetValue" can result in running OS commands as the root user. **Recommendations** For Moxa NPort W2x50A products with firmware prior to 2.2 Build 18082311, update the firmware to version 2.2 Build 18082311 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/goform/net WebPingGetValue" endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Moxa NPort W2x50A products with firmware prior to 2.2 Build 18082311 **Description** An exploitable authenticated command-injection issue exists in the web server functionality. A specially crafted HTTP POST request to "/goform/webSettingProfileSecurity" can result in running OS commands as the root user. **Recommendations** For Moxa NPort W2x50A products with firmware prior to 2.2 Build 18082311, update the firmware to version 2.2 Build 18082311 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/goform/webSettingProfileSecurity" endpoint to minimize the risk of exploitation.