Impact
A stack-based buffer overflow vulnerability was discovered in the server location parameter on the Basic settings page of Moxa NPort W2150A-W4/W2250A-W4 Series firmware 1.5 and earlier. Because the input is not validated, an attacker can deliver crafted data to the web service, corrupting memory and potentially executing arbitrary code with root privileges. The weakness is identified as CWE‑121, a classic stack-based buffer overrun.
Affected Systems
The affected devices are the Moxa NPort W2150A and W2250A series, specifically the W2150A-W4/W2250A-W4 models running firmware version 1.5 or lower. The advisory and CPE entries confirm the product line but do not list additional firmware releases beyond 1.5.
Risk and Exploitability
The CVSS score of 8.6 indicates a high severity level, while the EPSS score of <1% suggests a low probability of immediate exploitation, and the vulnerability is not listed in the KEV catalog. The likely attack vector is via the web service receiving specially crafted requests to the Server location parameter, requiring remote network access. Successful exploitation would grant full system control.
OpenCVE Enrichment