Moxa NPort Serial-to-Ethernet Server Multiple Vulnerabilities
Critical Nessus Plugin ID 91284
Synopsis
The remote Moxa NPort Serial-to-Ethernet server model is affected by multiple vulnerabilities.
Description
According to its telnet banner, the Moxa NPort Serial-to-Ethernet server model is affected by multiple vulnerabilities:
- An information disclosure vulnerability exists that allows an unauthenticated attacker to disclose sensitive account information.
- A remote code execution vulnerability exists due to a failure to authenticate firmware updates.
- An unspecified buffer overflow condition exists that allows an attacker to execute arbitrary code.
- An unspecified cross-site scripting (XSS) vulnerability exists that allows a remote attacker to execute arbitrary code in the user's browser session.
- An unspecified cross-site request forgery (XSRF) vulnerability exists that allows a remote attacker to trick a user into making an unintentional request.
Solution
There is currently no known workaround or solution. Moxa will release fixes for all devices in late August 2016, except for model version 6110, which is discontinued.