Vulnerabilities > CVE-2024-1220 - Out-of-bounds Write vulnerability in Moxa products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

moxa

CWE-787

NVD

Published: 2024-03-06

Updated: 2025-02-25

Summary

A stack-based buffer overflow in the built-in web server in Moxa NPort W2150A/W2250A Series firmware version 2.3 and prior allows a remote attacker to exploit the vulnerability by sending crafted payload to the web service. Successful exploitation of the vulnerability could result in denial of service.

Vulnerable Configurations

Part	Description	Count
OS	Moxa Moxa Nport W2150A Firmware 1.10 Moxa Nport W2150A Firmware 1.11 Moxa Nport W2150A Firmware 2.0 Moxa Nport W2150A Firmware 2.1 Moxa Nport W2250A Firmware 1.10 Moxa Nport W2250A Firmware 1.11 Moxa Nport W2250A Firmware 2.0 Moxa Nport W2250A Firmware 2.1 Moxa Nport W2150A T Firmware * Moxa Nport W2250A T Firmware *	10
Hardware	Moxa Moxa Nport W2150A - Moxa Nport W2250A - Moxa Nport W2150A T - Moxa Nport W2250A T -	4

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References