Improper validation of integrity check value in Moxa NPort 5000 Series

Published: 2023-10-04

Risk	Low
Patch available	NO
Number of vulnerabilities	1
CVE-ID	CVE-2023-4929
CWE-ID	CWE-354
Exploitation vector	Network
Public exploit	N/A
Vulnerable software	NPort 5000AI-M12 Series Hardware solutions / Routers & switches, VoIP, GSM, etc NPort 5100A Series Hardware solutions / Routers & switches, VoIP, GSM, etc NPort 5200 Series Hardware solutions / Routers & switches, VoIP, GSM, etc NPort 5200A Series Hardware solutions / Routers & switches, VoIP, GSM, etc NPort 5410 Hardware solutions / Routers & switches, VoIP, GSM, etc NPort 5430 Hardware solutions / Routers & switches, VoIP, GSM, etc NPort 5450 Hardware solutions / Routers & switches, VoIP, GSM, etc NPort 5600 Series Hardware solutions / Routers & switches, VoIP, GSM, etc NPort 5600-DT Series Hardware solutions / Routers & switches, VoIP, GSM, etc NPort IA5000 Series Hardware solutions / Routers & switches, VoIP, GSM, etc NPort IA5450A Series Hardware solutions / Routers & switches, VoIP, GSM, etc NPort IA5150A Hardware solutions / Routers & switches, VoIP, GSM, etc NPort IA5250A Hardware solutions / Routers & switches, VoIP, GSM, etc NPort IA5000A-I/O Series Hardware solutions / Routers & switches, VoIP, GSM, etc NPort P5150A Series Hardware solutions / Routers & switches, VoIP, GSM, etc NPort 5130 Hardware solutions / Firmware NPort 5150 Hardware solutions / Firmware NPort 5110 Hardware solutions / Firmware NPort IAW5000A-I/O Series Hardware solutions / Other hardware appliances
Vendor	Moxa

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Improper validation of integrity check value

EUVDB-ID: #VU81458

Risk: Low

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-4929

CWE-ID: CWE-354 - Improper Validation of Integrity Check Value

Exploit availability: No

Description

The vulnerability allows a remote user to bypass integrity checks.

The vulnerability exists due to improper validation of integrity check. A remote authenticated administrator can manipulate the firmware and gain control of devices.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

NPort 5000AI-M12 Series: 1.5

NPort 5130: 3.10

NPort 5150: 3.10

NPort 5110: 2.10

NPort 5100A Series: 1.6

NPort 5200 Series: 2.12

NPort 5200A Series: 1.6

NPort 5410: 2.9 - 3.14

NPort 5430: 2.9 - 3.14

NPort 5450: 2.9 - 3.14

NPort 5600 Series: 3.11

NPort 5600-DT Series: 2.9

NPort IA5000 Series: 1.7 - 2.1

NPort IA5450A Series: 2.0

NPort IA5150A: 1.5

NPort IA5250A: 1.5

NPort IA5000A-I/O Series: 2.0

NPort IAW5000A-I/O Series: 2.2

NPort P5150A Series: 1.6

CPE2.3

External links

https://www.moxa.com/en/support/product-support/security-advisory/mpsa-233328-nport-5000-series-firmware-improper-validation-of-integrity-check-vulnerability

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.