Moxa NPort IAW5000A-I/O Series Serial Device Server Classic Buffer Overflow
Description
Two buffer overflows in the built-in web server of Moxa NPort IAW5000A-I/O Series firmware version 2.2 or earlier may allow a remote attacker to cause a denial-of-service condition.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
Two buffer overflow vulnerabilities exist in the built-in web server of Moxa NPort IAW5000A-I/O Series firmware version 2.2 or earlier [1], [2]. These are classified as classic buffer overflows (CWE-120) and can be triggered by remote attackers without authentication or user interaction [2].
Exploitation
An attacker can exploit these vulnerabilities remotely over the network by sending specially crafted requests to the built-in web server [2]. No authentication or special privileges are required, and the attack complexity is low, meaning the attacker does not need to win a race condition or manipulate specific timing [2].
Impact
Successful exploitation allows a remote attacker to cause a denial-of-service condition, crashing the affected device [1], [2]. The CVSS v3 base score for these specific vulnerabilities is 7.5 with a vector of (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high availability impact but no impact on confidentiality or integrity [2].
Mitigation
Moxa has not released a firmware update for the NPort IAW5000A-I/O Series that addresses these buffer overflow vulnerabilities as of the advisory date (May 27, 2021) [1]. Users are advised to apply defense-in-depth measures, such as restricting network access to the device and using firewalls or VPNs [1], [2]. The vulnerabilities are not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog as of the publication date.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <= 2.2
- Range: unspecified
Patches
No patches discovered yet.
References
- www.cisa.gov/uscert/ics/advisories/icsa-21-187-01 (mitre, x_refsource_CONFIRM)
- www.moxa.com/en/support/product-support/security-advisory/nport-iaw5000a-io-serial-device-server-vulnerabilities (mitre, x_refsource_CONFIRM)