Moxa NPort IAW5000A-I/O Series Serial Device Server Stack-based Buffer Overflow
Description
Stack-based buffer overflows in Moxa NPort IAW5000A-I/O web server allow remote unauthenticated attackers to cause denial of service or execute arbitrary code.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
Five stack-based buffer overflow vulnerabilities (CWE-121) exist in the built-in web server of Moxa NPort IAW5000A-I/O series wireless device servers running firmware Version 2.2 or earlier [1][2]. The affected product series is the NPort IAW5000A-I/O [1]. These overflows occur when the web server processes specially crafted network requests without proper bounds checking [2].
Exploitation
An attacker can exploit these vulnerabilities remotely over the network with low attack complexity and no required privileges or user interaction [2]. The attacker sends a crafted request to the web server, triggering a stack-based buffer overflow [2]. No authentication is needed, and the attack does not require any special network position beyond reachability of the device [2].
Impact
Successful exploitation can cause a denial-of-service condition (device crash) or allow arbitrary code execution with the privileges of the web server process [1][2]. The CVSS v3 base score is 9.8 (Critical) with the vector string AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating complete compromise of confidentiality, integrity, and availability [2].
Mitigation
Moxa released a security advisory (MPSA-210501) on May 27, 2021, recommending users upgrade to a fixed firmware version [1]. Users should contact Moxa support for the latest firmware update [1]. No workarounds are documented [1]. CISA also advises applying the update [2].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <=2.2
- Range: unspecified
Patches
No patches discovered yet.
References
- www.cisa.gov/uscert/ics/advisories/icsa-21-187-01 (mitre, x_refsource_CONFIRM)
- www.moxa.com/en/support/product-support/security-advisory/nport-iaw5000a-io-serial-device-server-vulnerabilities (mitre, x_refsource_CONFIRM)