Vulnerability identifier: #VU81458
Vulnerability risk: Low
CVSSv3.1: 6 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID:
CWE-ID:
CWE-354
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
NPort 5000AI-M12 Series
Hardware solutions /
Routers & switches, VoIP, GSM, etc
NPort 5100A Series
Hardware solutions /
Routers & switches, VoIP, GSM, etc
NPort 5200 Series
Hardware solutions /
Routers & switches, VoIP, GSM, etc
NPort 5200A Series
Hardware solutions /
Routers & switches, VoIP, GSM, etc
NPort 5410
Hardware solutions /
Routers & switches, VoIP, GSM, etc
NPort 5430
Hardware solutions /
Routers & switches, VoIP, GSM, etc
NPort 5450
Hardware solutions /
Routers & switches, VoIP, GSM, etc
NPort 5600 Series
Hardware solutions /
Routers & switches, VoIP, GSM, etc
NPort 5600-DT Series
Hardware solutions /
Routers & switches, VoIP, GSM, etc
NPort IA5000 Series
Hardware solutions /
Routers & switches, VoIP, GSM, etc
NPort IA5450A Series
Hardware solutions /
Routers & switches, VoIP, GSM, etc
NPort IA5150A
Hardware solutions /
Routers & switches, VoIP, GSM, etc
NPort IA5250A
Hardware solutions /
Routers & switches, VoIP, GSM, etc
NPort IA5000A-I/O Series
Hardware solutions /
Routers & switches, VoIP, GSM, etc
NPort P5150A Series
Hardware solutions /
Routers & switches, VoIP, GSM, etc
NPort 5130
Hardware solutions /
Firmware
NPort 5150
Hardware solutions /
Firmware
NPort 5110
Hardware solutions /
Firmware
NPort IAW5000A-I/O Series
Hardware solutions /
Other hardware appliances
Vendor: Moxa
Description
The vulnerability allows a remote user to bypass integrity checks.
The vulnerability exists due to improper validation of integrity check. A remote authenticated administrator can manipulate the firmware and gain control of devices.
Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions
NPort 5000AI-M12 Series: 1.5
NPort 5130: 3.10
NPort 5150: 3.10
NPort 5110: 2.10
NPort 5100A Series: 1.6
NPort 5200 Series: 2.12
NPort 5200A Series: 1.6
NPort 5410: 2.9 - 3.14
NPort 5430: 2.9 - 3.14
NPort 5450: 2.9 - 3.14
NPort 5600 Series: 3.11
NPort 5600-DT Series: 2.9
NPort IA5000 Series: 1.7 - 2.1
NPort IA5450A Series: 2.0
NPort IA5150A: 1.5
NPort IA5250A: 1.5
NPort IA5000A-I/O Series: 2.0
NPort IAW5000A-I/O Series: 2.2
NPort P5150A Series: 1.6
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.