Lucene search

[email protected]CVE-2024-1220

HistoryMar 06, 2024 - 2:15 a.m.

CVE-2024-1220

2024-03-0602:15:44

CWE-121

[email protected]

web.nvd.nist.gov

cve

buffer overflow

web server

moxa

nport

denial of service

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

8.1 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

A stack-based buffer overflow in the built-in web server in Moxa NPort W2150A/W2250A Series firmware version 2.3 and prior allows a remote attacker to exploit the vulnerability by sending crafted payload to the web service. Successful exploitation of the vulnerability could result in denial of service.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "NPort W2150A/W2250A Series",
    "vendor": "Moxa",
    "versions": [
      {
        "lessThanOrEqual": "2.3",
        "status": "affected",
        "version": "1.0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.moxa.com/en/support/product-support/security-advisory/mpsa-238975-nport-w2150a-w2250a-series-web-server-stack-based-buffer-overflow-vulnerability

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

8.1 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Related for CVE-2024-1220

cvelist1 nvd1 prion1