{ "id": "CVE-2024-1220", "sourceIdentifier": "psirt@moxa.com", "published": "2024-03-06T02:15:44.810", "lastModified": "2024-03-06T15:18:08.093", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A stack-based buffer overflow in the built-in web server in Moxa NPort W2150A/W2250A Series firmware version 2.3 and prior allows a remote attacker to exploit the vulnerability by sending crafted payload to the web service. Successful exploitation of the vulnerability could result in denial of service.\n\n" }, { "lang": "es", "value": "Un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en el servidor web integrado en la versi\u00f3n 2.3 y anteriores del firmware de la serie Moxa NPort W2150A/W2250A permite a un atacante remoto explotar la vulnerabilidad enviando un payload manipulado al servicio web. La explotaci\u00f3n exitosa de la vulnerabilidad podr\u00eda resultar en la denegaci\u00f3n del servicio." } ], "metrics": { "cvssMetricV31": [ { "source": "psirt@moxa.com", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 4.2 } ] }, "weaknesses": [ { "source": "psirt@moxa.com", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-121" } ] } ], "references": [ { "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-238975-nport-w2150a-w2250a-series-web-server-stack-based-buffer-overflow-vulnerability", "source": "psirt@moxa.com" } ] }