The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower stores and transmits the credentials of third-party services in cleartext.
Credits
Evgeniy Druzhinin and Ilya Karpov of Rostelecom-Solar reported these vulnerabilities to CISA
