Moxa Nport W2X50A Firmware vulnerabilities
2 known vulnerabilities affecting moxa/nport_w2x50a_firmware.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2
Vulnerabilities
Page 1 of 1
CVE-2018-19660P2HIGHCVSS 8.8fixed in 2.22018-12-06
CVE-2018-19660 [HIGH] CWE-78 CVE-2018-19660: An exploitable authenticated command-injection vulnerability exists in the web server functionality
An exploitable authenticated command-injection vulnerability exists in the web server functionality of Moxa NPort W2x50A products with firmware before 2.2 Build_18082311. A specially crafted HTTP POST request to /goform/webSettingProfileSecurity can result in running OS commands as the root user.
nvd
CVE-2018-19659P3HIGHCVSS 8.8fixed in 2.22018-12-06
CVE-2018-19659 [HIGH] CVE-2018-19659: An exploitable authenticated command-injection vulnerability exists in the web server functionality
An exploitable authenticated command-injection vulnerability exists in the web server functionality of Moxa NPort W2x50A products with firmware before 2.2 Build_18082311. A specially crafted HTTP POST request to /goform/net_WebPingGetValue can result in running OS commands as the root user. This is similar to CVE-2017-12120.
nvd