CVE-2021-32976 – Moxa NPort IAW5000A-I/O Series Serial Device Server Stack-based Buffer Overflow
https://notcve.org/view.php?id=CVE-2021-32976
Five buffer overflows in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier may allow a remote attacker to initiate a denial-of-service attack and execute arbitrary code. Cinco desbordamientos de búfer en el servidor web incorporado en la serie Moxa NPort IAW5000A-I/O firmware versión 2.2 o anterior pueden permitir a un atacante remoto iniciar un ataque de denegación de servicio y ejecutar código arbitrario • https://www.cisa.gov/uscert/ics/advisories/icsa-21-187-01 https://www.moxa.com/en/support/product-support/security-advisory/nport-iaw5000a-io-serial-device-server-vulnerabilities • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2021-32970 – Moxa NPort IAW5000A-I/O Series Serial Device Server Improper Input Validation
https://notcve.org/view.php?id=CVE-2021-32970
Data can be copied without validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier, which may allow a remote attacker to cause denial-of-service conditions. Los datos pueden ser copiados sin ser comprobados en el servidor web incorporado en la serie Moxa NPort IAW5000A-I/O firmware versión 2.2 o anterior, lo que puede permitir a un atacante remoto causar condiciones de denegación de servicio • https://www.cisa.gov/uscert/ics/advisories/icsa-21-187-01 https://www.moxa.com/en/support/product-support/security-advisory/nport-iaw5000a-io-serial-device-server-vulnerabilities • CWE-20: Improper Input Validation •
CVE-2021-32974 – Moxa NPort IAW5000A-I/O Series Serial Device Server Improper Input Validation
https://notcve.org/view.php?id=CVE-2021-32974
Improper input validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier may allow a remote attacker to execute commands. Una comprobación inapropiada de la entrada en el servidor web incorporado en la serie Moxa NPort IAW5000A-I/O firmware versión 2.2 o anterior puede permitir a un atacante remoto ejecutar comandos • https://www.cisa.gov/uscert/ics/advisories/icsa-21-187-01 https://www.moxa.com/en/support/product-support/security-advisory/nport-iaw5000a-io-serial-device-server-vulnerabilities • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2021-32968 – Moxa NPort IAW5000A-I/O Series Serial Device Server Classic Buffer Overflow
https://notcve.org/view.php?id=CVE-2021-32968
Two buffer overflows in the built-in web server in Moxa NPort IAW5000A-I/O Series firmware version 2.2 or earlier may allow a remote attacker to cause a denial-of-service condition. Dos desbordamientos de búfer en el servidor web incorporado en la serie Moxa NPort IAW5000A-I/O firmware versión 2.2 o anterior, pueden permitir a un atacante remoto causar una condición de denegación de servicio • https://www.cisa.gov/uscert/ics/advisories/icsa-21-187-01 https://www.moxa.com/en/support/product-support/security-advisory/nport-iaw5000a-io-serial-device-server-vulnerabilities • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •