VYPR
Unrated severity · NVD Advisory · Published Dec 23, 2020 · Updated Sep 16, 2024

MOXA NPort IAW5000A-I/O Series

CVE-2020-25194

Description

Improper privilege management in MOXA NPort IAW5000A-I/O firmware ≤2.1 allows authenticated users to escalate to admin privileges.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.


Vulnerability

The built-in web server in the MOXA NPort IAW5000A-I/O serial device server, firmware version 2.1 or lower, suffers from improper privilege management (CWE-269). An attacker who already possesses valid user-level credentials can perform requests that should only be available to administrative users [1].

Exploitation

An attacker needs only a valid user account on the device and network access to the web server (remote exploitation, low complexity). No user interaction is required. The attacker can craft HTTP requests that bypass privilege checks, effectively escalating their privileges to administrative level [1].

Impact

Successful exploitation grants the attacker full administrative control over the device. This leads to complete compromise of confidentiality, integrity, and availability: the attacker can read, modify, or delete sensitive data, change device configuration, and disrupt operations [1].

Mitigation

MOXA has released a firmware update to address this vulnerability. Users should upgrade to the latest firmware version as recommended in the vendor advisory. No workarounds are documented; the only mitigation is to apply the patch [1].

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2


References

1
