OTPulse

Moxa NPort W2150A/W2250A Series Web Server Stack-based Buffer Overflow Vulnerability

Plan Patch | CVSS 8.2 | MPSA-238975 | Mar 7, 2024
Summary

Stack-based buffer overflow in the built-in web server of Moxa NPort W2150A/W2250A Series firmware version 2.3 and prior. A remote attacker can send a crafted payload to the web service to trigger the overflow. Potential impacts include denial of service and integrity compromise.

What this means
What could happen
An attacker could crash the device or cause operational interruption by flooding the web server with a malformed request, disrupting the serial device server's ability to forward data between Ethernet and serial connections. In a production environment, this could disconnect critical remote equipment or monitoring systems.
Who's at risk
Water and electric utilities using Moxa NPort W2150A or W2250A serial device servers for remote terminal equipment access, RTU communication gateways, or legacy equipment connectivity. Any facility relying on these devices as a bridge between Ethernet networks and serial protocols (Modbus, DNP3) would be affected by service disruption.
How it could be exploited
An attacker on the network (or the internet if the device is exposed) sends a specially crafted HTTP request to the web server port (default 80) of the NPort device. The oversized payload overflows the stack buffer, crashing the web server process. Repeated exploitation could prevent legitimate access and cause prolonged service loss.
Prerequisites
  • Network access to the web server port (default TCP 80)
  • No authentication required
  • Device running firmware version 2.3 or earlier
Tags: remotely exploitable, no authentication required, low complexity, no patch available, affects device availability
Exploitability
Moderate exploit probability (EPSS 1.5%)
Affected products (1)
Product | Affected Versions | Fix Status
NPort W2150A/W2250A | All versions | No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Isolate the NPort device behind a firewall and restrict HTTP/web access to only authorized engineering workstations or monitoring systems using IP-based access control lists
WORKAROUND: Disable the built-in web server if not actively used; check if your monitoring or configuration tools rely on it and use alternative management methods (SSH, serial console) if available
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Monitor Moxa advisory channels (MPSA updates) for a firmware patch; upgrade to a patched version as soon as one becomes available and can be tested in a maintenance window
Mitigations - no patch available
NPort W2150A/W2250A has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Implement network segmentation so that the NPort device is on a restricted VLAN accessible only to necessary systems, limiting the attack surface from the broader network
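
One way to check that the IP-based access control list and VLAN restriction above are holding is to audit firewall connection records for web-port traffic to the NPort units from sources outside the authorized set. This is an added example, not part of the advisory or Moxa tooling; the device addresses, authorized networks, log format and all function names are constructed assumptions.

```python
import ipaddress

# All addresses, the log format and every name below are constructed assumptions.
NPORT_DEVICES = {"10.20.30.11", "10.20.30.12"}   # NPort W2150A/W2250A units
WEB_PORTS = {80}                                  # default web server port (TCP 80)
AUTHORIZED = [ipaddress.ip_network(n) for n in ("10.20.40.5/32", "10.20.40.16/28")]

# Constructed firewall log: "timestamp src_ip dst_ip dst_port action"
SAMPLE_LOG = """\
2024-03-08T02:14:07Z 10.20.40.5 10.20.30.11 80 ALLOW
2024-03-08T02:15:41Z 192.0.2.77 10.20.30.11 80 ALLOW
2024-03-08T02:16:02Z 10.20.40.20 10.20.30.12 80 ALLOW
2024-03-08T02:17:30Z 10.50.1.9 10.20.30.12 80 DENY
2024-03-08T02:18:55Z 10.50.1.9 10.20.30.12 4001 ALLOW
malformed line
"""

def is_authorized(src):
    """True if src is inside one of the authorized workstation networks."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # an unparseable source is treated as unauthorized
    return any(addr in net for net in AUTHORIZED)

def audit(log_text):
    """Split unauthorized web flows to NPort devices into permitted and denied."""
    acl_gaps, blocked = [], []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[3].isdigit():
            continue  # not in the assumed five-field format
        ts, src, dst, port, action = parts
        if dst not in NPORT_DEVICES or int(port) not in WEB_PORTS:
            continue  # only web-server traffic to the NPort units matters here
        if is_authorized(src):
            continue
        (acl_gaps if action == "ALLOW" else blocked).append((ts, src, dst))
    return acl_gaps, blocked

if __name__ == "__main__":
    gaps, denied = audit(SAMPLE_LOG)
    for ts, src, dst in gaps:
        print(f"ACL GAP  {ts} {src} -> {dst} web port was permitted")
    for ts, src, dst in denied:
        print(f"BLOCKED  {ts} {src} -> {dst} web port (ACL held)")
```

A permitted flow from an unauthorized source means the ACL or VLAN boundary has a gap; a denied one shows the control held and that something outside the authorized set attempted to reach the web server.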