Lucene search

MoxaVULNRICHMENT:CVE-2024-1220

HistoryMar 06, 2024 - 1:51 a.m.

CVE-2024-1220 NPort W2150A/W2250A Series Web Server Stack-based Buffer Overflow Vulnerability

2024-03-0601:51:19

CWE-121

Moxa

github.com

cve-2024-1220

moxa

nport w2150a/w2250a

stack-based buffer overflow

web server

firmware

remote attacker

crafted payload

denial of service

CVSS3

8.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

AI Score

7.4

Confidence

High

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

JSON

A stack-based buffer overflow in the built-in web server in Moxa NPort W2150A/W2250A Series firmware version 2.3 and prior allows a remote attacker to exploit the vulnerability by sending crafted payload to the web service. Successful exploitation of the vulnerability could result in denial of service.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:o:moxa:nport_w2150a_firmware:*:*:*:*:*:*:*:*"
    ],
    "vendor": "moxa",
    "product": "nport_w2150a_firmware",
    "versions": [
      {
        "status": "affected",
        "version": "1.0",
        "versionType": "custom",
        "lessThanOrEqual": "2.3"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

www.moxa.com/en/support/product-support/security-advisory/mpsa-238975-nport-w2150a-w2250a-series-web-server-stack-based-buffer-overflow-vulnerability

CVSS3

8.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

AI Score

7.4

Confidence

High

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-1220