CVE-2018-19660

Name of the Vulnerable Software and Affected Versions Moxa NPort W2x50A products with firmware prior to 2.2 Build 18082311

Description An exploitable authenticated command-injection issue exists in the web server functionality. A specially crafted HTTP POST request to "/goform/webSettingProfileSecurity" can result in running OS commands as the root user.

Recommendations For Moxa NPort W2x50A products with firmware prior to 2.2 Build 18082311, update the firmware to version 2.2 Build 18082311 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/goform/webSettingProfileSecurity" endpoint to minimize the risk of exploitation.