CVE-2024-1220 HIGH

CVE-2024-1220: NPort W2150A/W2250A Series Web Server Stack-based Buffer Overflow Vulnerability

Vendor Moxa
Product NPort W2150A/W2250A Series
Weakness CWE-121
Published March 6, 2024
Last update August 23, 2024

CVSS base score

8.2/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

What the vulnerability does

01Description

A stack-based buffer overflow in the built-in web server in Moxa NPort W2150A/W2250A Series firmware version 2.3 and prior allows a remote attacker to exploit the vulnerability by sending crafted payload to the web service. Successful exploitation of the vulnerability could result in denial of service.

Key dates

02Disclosure timeline

March 6, 2024 CVE published
August 23, 2024 Record updated