NPort 5100A Series Affected by Web Server XSS Vulnerability
CVE-2024-3576
8.3HIGH
Summary
The Moxa NPort 5100A Series, specifically firmware versions v1.6 and earlier, is susceptible to a cross-site scripting (XSS) vulnerability within its web server. This flaw arises from inadequate neutralization of user input before it is outputted, creating a pathway for malicious actors to infiltrate the system. By leveraging this vulnerability, attackers may extract sensitive information or escalate their privileges, posing significant security risks to environments utilizing these products.
Affected Version(s)
NPort 5100A Series 1.0 <= 1.6
References
CVSS V3.1
Score:
8.3
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Nicolai Grødum of PwC Norway