Cybersecurity specialists report the detection of 4 critical vulnerabilities in Moxa VPort video servers. According to the report, the successful exploitation of the flaws found will allow threat actors to deploy multiple hacking variants.
Below are brief descriptions of the reported flaws, in addition to their scores assigned under the Common Vulnerability Scoring System (CVSS). It is worth mentioning that the flaws have not yet received CVE tracking keys.
No CVE key: A NULL pointer dereference error when the application allows a cookie parameter to consist only of digits would allow remote threat actors to perform brute-force attacks and gain access to the functions of the target device.
The vulnerability received a CVSS score of 5.7/10 and its successful exploitation could put the entire affected system at risk.
No CVE key: An integer overflow on affected devices would allow remote hackers to pass specially crafted data into the application in order to generate a denial of service (DoS) condition.
This is a flaw of medium severity and received a CVSS score of 5.7/10.
No CVE key: A limit condition on the affected devices would allow remote attackers to trigger an out-of-bounds read error and access the contents of memory on the system or perform a DoS attack.
This is a highly severe vulnerability and received a CVSS score of 7.9/10.
No CVE key: A memory leak would allow remote hackers to force the app to leak data from the device’s memory and perform DoS attacks.
The flaw received a CVSS score of 6.5/10.
According to the report, the flaws reside in the following products and versions:
- VPort 06EC-2V Series: 1.1
- VPort 461A Series: 1.4
So far, no active exploitation attempts related to these flaws have been detected. However, cybersecurity experts recommend that affected users update as soon as possible.
To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.