Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-reachable WebSocket API exploitable by any authenticated low-privileged user with no user interaction; pure DoS via reboot gives A:H with C:N/I:N.
Primary rating from Vendor (Moxa).
CVSS VectorVendor: Moxa
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
A denial-of-service vulnerability exists in the WebSocket API due to insufficient validation and handling of JSON-based requests. A low-privileged authenticated attacker can send a specially crafted request that causes service disruption and may result in an unexpected device reboot.
AnalysisAI
Denial-of-service in Moxa NPort 6000-G2 Series serial device servers allows a low-privileged authenticated attacker to disrupt service and potentially trigger an unexpected device reboot via specially crafted JSON requests to the WebSocket API. The CVSS 4.0 base score of 7.1 reflects high availability impact with no confidentiality or integrity loss. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires (1) network reachability to the NPort 6000-G2 management WebSocket API (typically HTTP/HTTPS on the device's LAN-facing management interface) and (2) valid credentials for any account, including the lowest-privilege role on the device (PR:L per CVSS 4.0). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 vector AV:N/AC:L/AT:N/PR:L/UI:N with VA:H accurately captures a network-reachable, low-complexity, low-privileged availability-only flaw - there is no confidentiality or integrity impact, so this is a pure DoS. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An insider or a network-adjacent attacker who has phished or guessed a low-privileged operator credential authenticates to the NPort 6000-G2 web interface, opens a WebSocket session to the management API, and sends a specially crafted JSON payload that the handler fails to validate, causing the device to reboot and dropping all active serial-over-IP sessions to downstream PLCs. Repeating the request after each reboot produces a sustained outage of the serial gateway. … |
| Remediation | No vendor-released patch version is identified at time of analysis in the provided input; consult the Moxa PSIRT advisory MPSA-268270 at https://www.moxa.com/en/support/product-support/security-advisory/mpsa-268270-cve-2026-10825-improper-validation-of-input-vulnerability-in-serial-device-servers for the fixed firmware build for your specific NPort 6000-G2 model and apply it during a planned maintenance window since the device reboots on update. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify all Moxa NPort 6000-G2 devices in your infrastructure and classify by operational criticality; change default credentials immediately. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-37043
GHSA-9269-mhf5-vfqw