NPort 5100A Series Affected by Web Server XSS Vulnerability
CVE-2024-3576

8.3HIGH

Key Information:

Vendor: Moxa
Status: Nport 5100a Series
Vendor: CVE Published:; 6 May 2024

What is CVE-2024-3576?

The Moxa NPort 5100A Series, specifically firmware versions v1.6 and earlier, is susceptible to a cross-site scripting (XSS) vulnerability within its web server. This flaw arises from inadequate neutralization of user input before it is outputted, creating a pathway for malicious actors to infiltrate the system. By leveraging this vulnerability, attackers may extract sensitive information or escalate their privileges, posing significant security risks to environments utilizing these products.

Affected Version(s)

NPort 5100A Series 1.0 <= 1.6

References

https://www.moxa.com/en/support/product-support/security-...

vendor-advisory

CVSS V3.1

Score:

8.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 6, 2024
Vulnerability Reserved
Apr 10, 2024

Credit

Nicolai Grødum of PwC Norway