Skip to main content

Moxa NPort W2150A/W2250A CVE-2026-10828

| EUVDEUVD-2026-37062 MEDIUM
Use of Externally-Controlled Format String (CWE-134)
2026-06-16 Moxa GHSA-pgjf-23qm-f427
6.9
CVSS 4.0 · Vendor: Moxa
Share

Severity by source

Vendor (Moxa) PRIMARY
6.9 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
4.9 MEDIUM

Admin credentials gate the Serial Param page (PR:H); no scope change or integrity/availability impact - pure network-reachable stack read.

3.1 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (Moxa).

CVSS VectorVendor: Moxa

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
Jun 16, 2026 - 11:53 vuln.today

DescriptionCVE.org

A format string vulnerability has been found in the "alias" parameter of the Serial Param configuration page in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and prior. This vulnerability stems from insufficient input validation and improper handling of externally supplied format strings. An attacker could exploit this vulnerability by sending crafted input to the web service, causing unintended memory disclosure. Successful exploitation may allow an attacker to leak sensitive memory contents and determine critical memory addresses, potentially bypassing Address Space Layout Randomization (ASLR) protections.

AnalysisAI

Format string exploitation in Moxa NPort W2150A-W4/W2250A-W4 and W2150A/W2250A series wireless serial device servers (firmware v1.5 and prior) allows network-accessible, authenticated administrators to leak arbitrary stack memory through the web management interface. The 'alias' parameter on the Serial Param configuration page passes attacker-controlled input directly to a printf-family function without sanitization, violating CWE-134. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain or guess NPort admin credentials
Delivery
Authenticate to web management interface over network
Exploit
Navigate to Serial Param configuration page
Execution
Submit crafted format string in 'alias' parameter
Persist
Capture HTTP response containing leaked stack memory
Impact
Extract memory addresses to defeat ASLR

Vulnerability AssessmentAI

Exploitation Exploitation requires valid administrator-level credentials for the NPort web management interface, confirmed by the CVSS 4.0 PR:H metric - low-privilege or unauthenticated users cannot reach the Serial Param configuration page. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The vendor-provided CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N) scores 6.9 and accurately captures the threat profile: network-exploitable with low complexity but gated behind high-privilege (PR:H) administrator credentials, with pure confidentiality impact and no integrity or availability consequence. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has obtained NPort administrator credentials - through credential stuffing against a default password, phishing an OT engineer, or lateral movement from a compromised management workstation - accesses the device's web management interface over the network and navigates to the Serial Param configuration page. The attacker submits a crafted 'alias' value such as '%08x.%08x.%08x.%08x.%08x' and captures the HTTP response, which reflects stack memory contents in the rendered page. …
Remediation Consult Moxa advisory MPSA-261910 at https://www.moxa.com/en/support/product-support/security-advisory/mpsa-261910-cve-2026-10828,-cve-2026-10829-use-of-externally-controlled-format-string-and-stack-based-buffer-overflow-v for the recommended firmware upgrade; the specific fixed firmware version number is not confirmed in the available data and must be verified from that source before deployment. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-10828 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy