Moxa NPort IAW5000A-I/O Series Serial Device Server Improper Input Validation
Description
Improper input validation in the built-in web server of Moxa NPort IAW5000A-I/O series (firmware ≤2.2) allows remote code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
An OS command injection vulnerability exists in the built-in web server of Moxa NPort IAW5000A-I/O series wireless device servers. Improper input validation (CWE-20) allows an attacker to inject operating system commands. Affected firmware versions are 2.2 or earlier [1][2].
Exploitation
An unauthenticated attacker can exploit this vulnerability remotely by sending a specially crafted HTTP request to the web server. No authentication or user interaction is required, and the attack complexity is low [1][2].
Impact
Successful exploitation allows remote code execution at the device level, leading to full compromise of confidentiality, integrity, and availability. The CVSS v3 base score is 9.8 (Critical) [1][2].
Mitigation
Moxa has released a firmware update to address this vulnerability. Affected users should upgrade to a fixed version (beyond 2.2) as recommended in the vendor advisory [1][2].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <=2.2
- Range: unspecified
Patches
No patches discovered yet.
References
- www.cisa.gov/uscert/ics/advisories/icsa-21-187-01 (mitre, x_refsource_CONFIRM)
- www.moxa.com/en/support/product-support/security-advisory/nport-iaw5000a-io-serial-device-server-vulnerabilities (mitre, x_refsource_CONFIRM)