As of June 15, 2022, this site no longer supports Internet Explorer. Please use another browser for the best experience on our site.

Product support

Security Advisories

SUMMARY

NPort W2150A/W2250A Series Serial Device Servers Vulnerability

  • Version: V1.0
  • Release Date: Dec 14, 2021
  • Reference:
    • N/A

A product vulnerability was identified in Moxa’s NPort W2150A/W2250A Series Serial Device Servers. In response to this, Moxa has developed related solutions to address this vulnerability.

The identified vulnerability type and potential impacts are shown below:

Item Vulnerability Type Impact
1 Command injection A vulnerability in the web server allows an authorized user with administrator rights to execute code on the root operating system.

 

AFFECTED PRODUCTS AND SOLUTIONS

Affected Products:

The affected products and firmware versions are shown below.

Product Series Affected Versions
NPort W2150A/W2250A Series Firmware Version 1.11 or lower.

 

Solutions:

Moxa has developed an appropriate solution to address the vulnerability. The solution for affected products is shown below.

Product Series Solutions
NPort W2150A/W2250A Series Please upgrade to firmware version 2.2 or higher. (Download Link)

Acknowledgment:

We would like to express our appreciation to Vladimir Razov from CybersLab for reporting the vulnerability, working with us to help enhance the security of our products, and helping us provide a better service to our customers.
 

Revision History:

VERSION DESCRIPTION RELEASE DATE
1.0 First Release Dec 14, 2021

Relevant Products

NPort W2150A/W2250A Series ·

  •   Print this page
  • You can manage and share your saved list in My Moxa
Let’s get that fixed

If you are concerned about a potential cybersecurity vulnerability, please contact us and one of technical support staff will get in touch with you.

Report a Vulnerability
Added To Bag
Feedback