PT-2023-8754 · Moxa · Moxa Nport W2150A/W2250A Series
Vladimir Razov
·
Published
2023-10-26
·
Updated
2025-02-25
·
CVE-2024-1220
CVSS v2.0
8.5
High
| Vector | AV:N/AC:L/Au:N/C:N/I:P/A:C |
Name of the Vulnerable Software and Affected Versions
Moxa NPort W2150A/W2250A Series firmware versions prior to 2.3
Description
The issue is related to a stack-based buffer overflow in the built-in web server of the Moxa NPort W2150A/W2250A Series. This can be exploited by a remote attacker sending a crafted payload to the web service, potentially resulting in denial of service.
Recommendations
For Moxa NPort W2150A/W2250A Series firmware versions prior to 2.3, update to a version that includes a fix for this issue. As a temporary workaround, consider restricting access to the built-in web server until a patch is available.
Fix
Memory Corruption
Stack Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Moxa Nport W2150A/W2250A Series