Moxa NPort 5110 serial device servers are affected by a stack-based buffer overflow that could permit remote code execution or system crashes.

This is a stack-based buffer overflow vulnerability that can be triggered by a remote attacker. The flaw allows for the execution of arbitrary code with high privileges or the triggering of a denial-of-service condition on the device.

With a CVSS score of 8.8, this vulnerability poses a high risk to infrastructure relying on Moxa NPort serial servers. Exploitation could allow an attacker to gain control over connected industrial equipment or cause significant disruption to serial communications, impacting plant-floor operations.

Immediate Action: Update the firmware of all affected Moxa NPort 5110 devices to version 2.9 or later.

Proactive Monitoring: Monitor network traffic for unusual activity directed at the NPort devices and maintain strict access control lists (ACLs) to limit management interface exposure.

Compensating Controls: Isolate the NPort devices on a dedicated, non-routable management network to prevent unauthorized remote access.

Public Exploit Available: False

Organizations using legacy Moxa NPort 5110 devices must ensure they are updated to firmware version 2.9 or later. Given the potential for remote code execution, this should be treated as a high-priority remediation task to secure serial-to-ethernet connectivity.