CVE-2020-27149

3 documents3 sources

Severity

6.5MEDIUM

EPSS

0.3%

top 43.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Moxa Nport Ia5150a Firmware Moxa Nport Ia5250a Firmware Moxa Nport Ia5450a Firmware

Timeline

PublishedMay 14

Latest updateMay 24

Description

By exploiting a vulnerability in NPort IA5150A/IA5250A Series before version 1.5, a user with “Read Only” privilege level can send requests via the web console to have the device’s configuration changed.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5nport_ia5000a_series_with_web_console_enabledAll versions before 1.5 for NPort IA5150A/IA5250A Series. All version before 2.0 for NPort 5450 Series

▶NVDmoxa/nport_ia5150a_firmware< 1.5

▶NVDmoxa/nport_ia5250a_firmware< 1.5

▶NVDmoxa/nport_ia5450a_firmware< 2.0

🔴Vulnerability Details

GHSA

GHSA-6q59-xh2r-73jw: By exploiting a vulnerability in NPort IA5150A/IA5250A Series before version 1↗2022-05-24

▶

CVEList

CVE-2020-27149: By exploiting a vulnerability in NPort IA5150A/IA5250A Series before version 1↗2021-05-14

▶