Moxa NPort IAW5000A-I/O Series Serial Device Server Improper Input Validation

Vulnerability

CVE-2021-32970 is an improper input validation vulnerability (CWE-20) in the built-in web server of Moxa NPort IAW5000A-I/O series wireless device servers. The vulnerability affects firmware version 2.2 or earlier [1][2]. Data can be copied without proper validation, which a remote attacker can exploit to cause denial-of-service conditions.

Exploitation

The attacker does not require authentication or user interaction; the vulnerability can be exploited over the network with low complexity (CVSS v3 vector string AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) [2]. An attacker sends specially crafted data to the built-in web server, which fails to validate the input, leading to a condition that disrupts device availability.

Impact

Successful exploitation results in a denial-of-service condition, impacting the availability of the device. The CVSS base score is 7.5 (High severity). The vulnerability does not directly affect confidentiality or integrity [2].

Mitigation

Moxa has released a firmware update to address this vulnerability. Users are advised to update to the latest firmware version for the NPort IAW5000A-I/O series. As of the advisory date (May 27, 2021), the fix is available [1]. CISA recommends that users take defensive measures to minimize exploitation risk [2].