CVE-2021-32974: NPort IAW5000A-I/O Series Serial Device Server Vulnerabilities

Improper input validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier may allow a remote attacker to execute commands.


SUMMARY

NPort IAW5000A-I/O Series Serial Device Server Vulnerabilities

  • Security Advisory ID: MPSA-210501
  • Version: V1.0
  • Release Date: May 27, 2021
  • Reference:
    • CVE-2021-32974
    • BDU:2021-02699, BDU:2021-02700, BDU:2021-02701, BDU:2021-02702, BDU:2021-02703, BDU:2021-02704, BDU:2021-02705, BDU:2021-02706, BDU:2021-02707, BDU:2021-02708

Multiple product vulnerabilities were identified in Moxa’s NPort IAW5000A-I/O Series Wireless Device Server. In response to this, Moxa has developed related solutions to address these vulnerabilities.

The identified vulnerability types and potential impacts are shown below:

| Item | Vulnerability Type | Impact |
|------|--------------------|--------|
| 1 | Buffer Overflow (CWE-120); BDU:2021-02699, BDU:2021-02702 | A buffer overflow in the built-in web server allows remote attackers to initiate a DoS attack. |
| 2 | Stack-Based Buffer Overflow (CWE-121); BDU:2021-02700, BDU:2021-02701, BDU:2021-02703, BDU:2021-02704, BDU:2021-02708 | A buffer overflow in the built-in web server allows remote attackers to initiate a DoS attack and execute arbitrary code (RCE). |
| 3 | Improper Input Validation (CWE-20); BDU:2021-02705, BDU:2021-02706 | Data can be copied without validation in the built-in web server, which allows remote attackers to initiate a DoS attack. |
| 4 | OS Command Injection (CWE-78); BDU:2021-02707 | Improper input validation in the built-in web server allows remote attackers to execute OS commands. |

AFFECTED PRODUCTS AND SOLUTIONS

Affected Products:

The affected products and firmware versions are shown below.

| Product Series | Affected Versions |
|----------------|-------------------|
| NPort IAW5000A-I/O Series | Firmware Version 2.2 or lower |

Solutions:

Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for affected products are shown below.

| Product Series | Solutions |
|----------------|-----------|
| NPort IAW5000A-I/O Series | Please contact Moxa Technical Support for a security patch. |

Acknowledgment:

We would like to express our appreciation to Konstantin Kondratev, Evgeniy Druzhinin and Ilya Karpov of Rostelecom-Solar for reporting the vulnerabilities, working with us to help enhance the security of our products, and helping us provide a better service to our customers.

Revision History:

| VERSION | DESCRIPTION | RELEASE DATE |
|---------|-------------|--------------|
| 1.0 | First Release | May 27, 2021 |
