ID

VAR-202403-0372


CVE

CVE-2024-1220


TITLE

Out-of-bounds write vulnerabilities in multiple Moxa Inc. products

Trust: 0.8

sources: JVNDB: JVNDB-2024-020162

DESCRIPTION

A stack-based buffer overflow in the built-in web server in Moxa NPort W2150A/W2250A Series firmware version 2.3 and prior allows a remote attacker to exploit the vulnerability by sending a crafted payload to the web service. Successful exploitation of the vulnerability could result in denial of service. Multiple Moxa Inc. products, including NPort W2150A firmware, NPort W2250A firmware and NPort W2150A-T firmware, contain a vulnerability related to out-of-bounds writes. The affected device may be put into a service interruption (DoS) state. MOXA NPort W2150A/W2250A is a series of wireless device networking servers from China's MOXA company.

Trust: 2.16

sources: NVD: CVE-2024-1220 // JVNDB: JVNDB-2024-020162 // CNVD: CNVD-2024-41851

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-41851

AFFECTED PRODUCTS

vendor: moxa, model: nport w2150a-t, scope: lte, version: 2.3

Trust: 1.0

vendor: moxa, model: nport w2250a, scope: lte, version: 2.3

Trust: 1.0

vendor: moxa, model: nport w2250a-t, scope: lte, version: 2.3

Trust: 1.0

vendor: moxa, model: nport w2150a, scope: lte, version: 2.3

Trust: 1.0

vendor: moxa, model: nport w2150a, scope: -, version: -

Trust: 0.8

vendor: moxa, model: nport w2250a-t, scope: -, version: -

Trust: 0.8

vendor: moxa, model: nport w2150a-t, scope: -, version: -

Trust: 0.8

vendor: moxa, model: nport w2250a, scope: -, version: -

Trust: 0.8

vendor: moxa, model: nport w2150a/w2250a series, scope: lte, version: <=2.3

Trust: 0.6

sources: CNVD: CNVD-2024-41851 // JVNDB: JVNDB-2024-020162 // NVD: CVE-2024-1220

CVSS

SEVERITY

psirt@moxa.com: CVE-2024-1220
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2024-1220
value: HIGH

Trust: 1.0

NVD: CVE-2024-1220
value: HIGH

Trust: 0.8

CNVD: CNVD-2024-41851
value: HIGH

Trust: 0.6

CVSSV2

CNVD: CNVD-2024-41851
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

psirt@moxa.com: CVE-2024-1220
baseSeverity: HIGH
baseScore: 8.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.2
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2024-1220
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2024-1220
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2024-41851 // JVNDB: JVNDB-2024-020162 // NVD: CVE-2024-1220 // NVD: CVE-2024-1220

PROBLEMTYPE DATA

problemtype: CWE-121

Trust: 1.0

problemtype: CWE-787

Trust: 1.0

problemtype: Stack-based buffer overflow (CWE-121) [others]

Trust: 0.8

problemtype: Out-of-bounds write (CWE-787) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2024-020162 // NVD: CVE-2024-1220

PATCH

title: Patch for MOXA NPort W2150A/W2250A Series Buffer Overflow Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/601601

Trust: 0.6

sources: CNVD: CNVD-2024-41851

EXTERNAL IDS

db: NVD, id: CVE-2024-1220

Trust: 3.2

db: JVNDB, id: JVNDB-2024-020162

Trust: 0.8

db: CNVD, id: CNVD-2024-41851

Trust: 0.6

sources: CNVD: CNVD-2024-41851 // JVNDB: JVNDB-2024-020162 // NVD: CVE-2024-1220

REFERENCES

url:https://www.moxa.com/en/support/product-support/security-advisory/mpsa-238975-nport-w2150a-w2250a-series-web-server-stack-based-buffer-overflow-vulnerability

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-1220

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2024-1220/

Trust: 0.6

sources: CNVD: CNVD-2024-41851 // JVNDB: JVNDB-2024-020162 // NVD: CVE-2024-1220

SOURCES

db: CNVD, id: CNVD-2024-41851
db: JVNDB, id: JVNDB-2024-020162
db: NVD, id: CVE-2024-1220

LAST UPDATE DATE

2025-03-13T22:50:53.231000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2024-41851, date: 2024-10-28T00:00:00
db: JVNDB, id: JVNDB-2024-020162, date: 2025-03-11T09:00:00
db: NVD, id: CVE-2024-1220, date: 2025-02-25T17:42:20.793

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2024-41851, date: 2024-10-28T00:00:00
db: JVNDB, id: JVNDB-2024-020162, date: 2025-03-11T00:00:00
db: NVD, id: CVE-2024-1220, date: 2024-03-06T02:15:44.810