Moxa NPort W2150A/NPort W2250A Serial Device Servers Vulnerabilities
Low Risk | Dec 13, 2018
Summary
Multiple authenticated OS command injection vulnerabilities exist in NPort W2150A and NPort W2250A Serial Device Servers. CVE-2018-19659 affects the web server ping function, and CVE-2018-19660 affects WLAN profile properties configuration. Both vulnerabilities allow users with administrative privileges to inject and execute arbitrary OS commands, potentially circumventing Linux user access controls. No firmware patches are available from Moxa for these products.
What this means
What could happen
An authenticated administrative user could run arbitrary OS commands on the serial device server, potentially modifying device configuration, redirecting serial data traffic, or disrupting connectivity to field devices.
Who's at risk
Water utilities and electric power operators using Moxa NPort W2150A/W2250A serial device servers for remote I/O and RTU communication should be concerned. These devices are commonly deployed at unmanned remote sites, SCADA networks, and telemetry systems to convert Ethernet to serial Modbus, DNP3, or proprietary RTU protocols.
How it could be exploited
An attacker with valid administrative credentials gains access to the web server interface. They can then inject OS commands through either the ping function or the WLAN profile properties interface, and the device executes those commands with elevated privileges.
Prerequisites
- Valid administrative credentials for the NPort web interface
- Network access to the device web server (default port 80 or 443)
- Device must have the vulnerable ping or WLAN configuration functions enabled
- Requires valid administrative credentials
- No patch available (product end-of-life)
- Affects serial gateway devices critical for remote field communication
Exploitability
Moderate exploit probability (EPSS 2.2%)
Affected products (1)
Product | Affected Versions | Fix Status
NPort W2150A/NPort | All versions | No fix (EOL)
Remediation & Mitigation
Do now
- HARDENING: Restrict administrative access to the NPort device web interface using network segmentation or firewall rules; only authorized engineering workstations should reach the management port
- HARDENING: Change the default administrative credentials and enforce a strong password policy for all NPort device accounts
- WORKAROUND: Disable the WLAN and ping management functions if not required for operations
Mitigations - no patch available
NPort W2150A/NPort has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
- HARDENING: Monitor administrative access logs on the device for suspicious login attempts or command execution
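The access-restriction and log-monitoring controls above can be checked against request logs; the following is an added example, not part of the advisory or any Moxa tooling. The log format, IP addresses, URL paths and parameter names are constructed assumptions, since the page does not show the device's real log format or endpoints.

```python
import ipaddress
import re
from urllib.parse import parse_qsl, urlsplit

# Assumptions (not from the advisory): device address and workstation subnet.
NPORT_DEVICES = {"10.20.0.15"}
ENGINEERING_WORKSTATIONS = [ipaddress.ip_network("10.10.5.0/28")]
# Characters a hostname, IP address or SSID does not need but a shell interprets.
SHELL_META = re.compile(r"[;&|`$<>\n\r]")

# Constructed sample: "<timestamp> <src_ip> <dst_ip> <method> <url> <status>"
# The /ping, /login and /status paths and the "target" field are hypothetical.
SAMPLE_LOG = """\
2018-12-13T08:01:12Z 10.10.5.3 10.20.0.15 GET /ping?target=10.20.0.1 200
2018-12-13T08:04:40Z 10.30.9.77 10.20.0.15 GET /login 401
2018-12-13T08:05:02Z 10.10.5.3 10.20.0.15 GET /ping?target=10.20.0.1%3Bid 200
2018-12-13T08:06:30Z 10.10.5.4 10.20.0.99 GET /status 200
"""

def is_authorized(src):
    """True if src belongs to an allow-listed engineering workstation subnet."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in ENGINEERING_WORKSTATIONS)

def review(log_text):
    """Return (timestamp, source, reason) findings for requests to NPort devices."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # skip malformed lines
        ts, src, dst, _method, url, status = parts
        if dst not in NPORT_DEVICES:
            continue  # not a monitored device
        try:
            if not is_authorized(src):
                findings.append((ts, src, "unauthorized-source"))
        except ValueError:
            findings.append((ts, src, "unparseable-source"))
        if status in ("401", "403"):
            findings.append((ts, src, "failed-login"))
        # parse_qsl percent-decodes values, so encoded metacharacters are caught too.
        for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
            if SHELL_META.search(value):
                findings.append((ts, src, "shell-metacharacter:" + name))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(*finding)
```

Parameters sent in a POST body do not appear in URL-only logs, so a sensor or proxy that records request bodies is needed to apply the same metacharacter check to form submissions.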
CVEs (2)