CVE-2024-1220

8.2 HIGH

📋 TL;DR

A stack-based buffer overflow vulnerability in the built-in web server of Moxa NPort W2150A/W2250A Series devices allows remote attackers to send crafted payloads to cause denial of service. This affects devices running firmware version 2.3 and earlier. Organizations using these industrial networking devices are at risk.

💻 Affected Systems

Products:
  • Moxa NPort W2150A Series
  • Moxa NPort W2250A Series
Versions: Firmware version 2.3 and prior
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All devices with web server enabled (default configuration) are vulnerable. Industrial control systems using these devices for serial-to-Ethernet connectivity are affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device crash leading to permanent denial of service, requiring physical reset or replacement of affected industrial networking equipment.

🟠 Likely Case

Temporary denial of service causing network connectivity loss for connected industrial devices until manual reboot.

🟢 If Mitigated

Minimal impact if devices are patched, isolated, or have web interfaces disabled.

🌐 Internet-Facing: HIGH - Remote exploitation possible via web interface, potentially leading to widespread service disruption.
🏢 Internal Only: HIGH - Even internally, the vulnerability can be exploited to disrupt critical industrial network operations.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Remote exploitation requires no authentication. The vulnerability is in the web service interface, so it is reachable by any attacker with network access to the device.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware version 2.4 or later

Vendor Advisory: https://www.moxa.com/en/support/product-support/security-advisory/mpsa-238975-nport-w2150a-w2250a-series-web-server-stack-based-buffer-overflow-vulnerability

Restart Required: Yes

Instructions:

1. Download firmware version 2.4 or later from the Moxa website.
2. Log into the device web interface.
3. Navigate to Maintenance > Firmware Upgrade.
4. Upload the new firmware file.
5. Wait for the upgrade to complete and the device to reboot.

🔧 Temporary Workarounds

Disable Web Interface

Applies to: all

Disable the built-in web server if it is not required for operations.

Navigate to Network > Web Server in the web interface and disable it.

Network Segmentation

Applies to: all

Isolate devices in a separate VLAN with restricted access.

Configure firewall rules to block external access to ports 80/443.

🧯 If You Can't Patch

  • Implement strict network access controls to limit web interface access to trusted IPs only
  • Deploy network intrusion detection systems to monitor for exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check firmware version via web interface: System > System Information > Firmware Version

Check Version:

No CLI command - use web interface at System > System Information

Verify Fix Applied:

Verify firmware version shows 2.4 or later after upgrade

📡 Detection & Monitoring

Log Indicators:

  • Web server crash logs
  • Unusual HTTP requests with long payloads
  • Device reboot events

Network Indicators:

  • HTTP requests with unusually long parameters to device web interface
  • Traffic spikes to port 80/443 followed by service unavailability

SIEM Query:

source="moxa-device" AND (event="web_server_crash" OR event="device_reboot")
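
The network indicators above (over-long request parameters, then service unavailability) can be checked against access logs from a reverse proxy or sensor placed in front of the device. This is an added example, not vendor or advisory code; the log format, the 256-character threshold, the 2-minute window, and the sample URLs and addresses are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Assumed tuning values (not from the advisory); adjust to the device's normal traffic.
MAX_TOKEN_LEN = 256
OUTAGE_WINDOW = timedelta(minutes=2)
GATEWAY_ERRORS = (502, 503, 504)  # proxy could not reach the device

# Common-log-style line as written by a proxy in front of one device (assumed format).
LINE = re.compile(r'(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                  r'"\S+ (?P<uri>\S+) [^"]*" (?P<status>\d{3}) ')

def parse(line):
    m = LINE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return ts, m["src"], m["uri"], int(m["status"])

def longest_token(uri):
    # Longest path segment, parameter name or parameter value in the request target.
    return max(len(t) for t in re.split(r"[/?&=;]", uri))

def detect(lines):
    events = [e for e in map(parse, lines) if e]
    alerts = []
    for ts, src, uri, _ in events:
        size = longest_token(uri)
        if size <= MAX_TOKEN_LEN:
            continue
        # Escalate when the device stops answering shortly after the long request.
        outage = any(ts <= t <= ts + OUTAGE_WINDOW and s in GATEWAY_ERRORS
                     for t, _, _, s in events)
        alerts.append({"time": ts.isoformat(), "src": src, "longest_token": size,
                       "severity": "high" if outage else "medium"})
    return alerts

# Constructed sample log lines; paths and addresses are placeholders.
SAMPLE = [
    '192.0.2.10 - - [12/Mar/2024:08:15:01 +0000] "GET /main.htm HTTP/1.1" 200 5120',
    '192.0.2.77 - - [12/Mar/2024:08:16:40 +0000] "GET /page.cgi?name='
    + "A" * 1200 + ' HTTP/1.1" 502 0',
    '192.0.2.10 - - [12/Mar/2024:08:17:05 +0000] "GET /main.htm HTTP/1.1" 504 0',
    '192.0.2.33 - - [12/Mar/2024:09:30:00 +0000] "GET /search?q='
    + "B" * 300 + ' HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

A long request followed by gateway errors is rated high; a long request the device answered normally is rated medium and is mainly useful for tuning the threshold.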
