MOXA NPort IAW5000A-I/O Series
Description
The built-in WEB server on MOXA NPort IAW5000A-I/O firmware ≤2.1 does not limit SSH/Telnet authentication attempts, enabling remote brute-force attacks to bypass authentication.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
The built-in WEB server on MOXA NPort IAW5000A-I/O firmware ≤2.1 does not limit SSH/Telnet authentication attempts, enabling remote brute-force attacks to bypass authentication.
Vulnerability
The built-in WEB server on MOXA NPort IAW5000A-I/O devices running firmware version 2.1 or lower does not properly restrict excessive authentication attempts on SSH/Telnet sessions. This allows an attacker to perform brute-force attacks to bypass authentication. [1]
Exploitation
An attacker can remotely connect to the device's SSH or Telnet service and repeatedly try different credentials without any rate limiting or account lockout. No prior authentication is required, and the attack can be carried out with low skill level. [1]
Impact
Successful brute-force attacks allow the attacker to gain unauthorized access to the device's SSH/Telnet session, potentially leading to full compromise of the device and the connected serial devices. The CVSS v3 base score is 9.8 (Critical). [1]
Mitigation
MOXA has released firmware version 2.2 or later to address this vulnerability. Users should update to the latest firmware. If updating is not possible, restrict network access to the device using firewalls or VPNs. [1]
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2<=2.1+ 1 more
- (no CPE)range: <=2.1
- (no CPE)range: unspecified
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- us-cert.cisa.gov/ics/advisories/icsa-20-287-01mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.