Multiple product vulnerabilities were identified in NPort W2150A and NPort W2250A Serial Device Servers. In response to this, Moxa has developed related solutions to address these vulnerabilities.
The identified vulnerability types and potential impacts are shown below:
Item |
Vulnerability Type |
Impact |
1 |
Authenticated OS Command Injection (CVE-2018-19659) |
Web server ping function can allow users with administrative privileges to circumvent the Linux operating system's user access controls. |
2 |
Authenticated OS Command Injection (CVE-2018-19660) |
Web server WLAN profile properties function can allow users with administrative privileges to circumvent the Linux operating system's user access controls. |