Authenticated Command Injection Vulnerability in Moxa NPort W2x50A Products
CVE-2018-19659

8.8HIGH

Key Information:

Vendor: Moxa
Status: Nport W2x50a Firmware
Vendor: CVE Published:; 6 December 2018

What is CVE-2018-19659?

An authenticated command injection vulnerability exists in the web server component of Moxa NPort W2x50A products that could allow attackers to execute arbitrary OS commands with root privileges. By sending a specially crafted HTTP POST request to the /goform/net_WebPingGetValue endpoint, an attacker could manipulate the system and issue unauthorized commands. This vulnerability underscores the importance of securing web interfaces and ensuring firmware is updated to mitigate potential exploits. For more information, refer to related discussions and analyses.

References

http://seclists.org/fulldisclosure/2018/Nov/64

mailing-listx_refsource_FULLDISC

http://packetstormsecurity.com/files/150535/Moxa-NPort-W2...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 6, 2018
Vulnerability Reserved
Nov 29, 2018