Moxa Nport 5100A Series vulnerabilities

CVE-2025-15017 [HIGH] CWE-489 CVE-2025-15017: A vulnerability exists in serial device servers where active debug code remains enabled in the UART A vulnerability exists in serial device servers where active debug code remains enabled in the UART interface. An attacker with physical access to the device can directly connect to the UART interface and, without authentication, user interaction, or execution conditions, gain unauthorized access to internal debug functionality. Exploitation is low com

CVE-2024-3576 [HIGH] CWE-79 CVE-2024-3576: The NPort 5100A Series firmware version v1.6 and prior versions are affected by web server XSS vulne The NPort 5100A Series firmware version v1.6 and prior versions are affected by web server XSS vulnerability. The vulnerability is caused by not correctly neutralizing user-controllable input before placing it in output. Malicious users may use the vulnerability to get sensitive information and escalate privileges.

CVE-2023-4929 [MEDIUM] CWE-354 CVE-2023-4929: All firmware versions of the NPort 5000 Series are affected by an improper validation of integrity c All firmware versions of the NPort 5000 Series are affected by an improper validation of integrity check vulnerability. This vulnerability results from insufficient checks on firmware updates or upgrades, potentially allowing malicious users to manipulate the firmware and gain control of devices.