Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Reachable over the network via the web UI with low complexity, but requires administrator login (PR:H) to hit the Basic settings handler; full root RCE gives C/I/A:H, scope unchanged.
Primary rating from Vendor (Moxa).
CVSS VectorVendor: Moxa
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
A stack-based buffer overflow vulnerability has been found in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and earlier. This vulnerability stems from insufficient input validation of user-supplied input in the "Server location" parameter on the Basic settings page. An attacker could exploit this vulnerability by sending crafted input to the web service, resulting in memory corruption. Successful exploitation of this vulnerability could allow remote code execution on the target system with root privileges.
AnalysisAI
Remote code execution in Moxa NPort W2150A-W4/W2250A-W4 Series firmware version 1.5 and earlier allows authenticated administrators to corrupt memory by submitting an overlong 'Server location' value on the Basic settings page of the web management interface, yielding root-level command execution on the embedded serial device server. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV, but Moxa has issued advisory MPSA-261910 confirming the flaw. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires (1) network reach to the NPort device's web management interface (HTTP/HTTPS) - typically TCP/80 or TCP/443 on the management VLAN; (2) valid administrator credentials sufficient to load and submit the Basic settings page, as encoded by PR:H in the CVSS vector; and (3) the device must be running firmware version 1.5 or earlier of the NPort W2150A-W4/W2250A-W4 Series (or the related W2150A/W2250A line). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 vector AV:N/AC:L/AT:N/PR:H/UI:N with VC:H/VI:H/VA:H produces a base score of 8.6, reflecting full compromise of the device but requiring high privileges (administrative web login) to reach the vulnerable Basic settings parameter. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has phished, brute-forced, or harvested an administrator credential for the NPort web UI logs in over HTTP/HTTPS, navigates to the Basic settings page, and submits an oversized 'Server location' value crafted to overwrite the saved return address with a payload pointer. The handler returns into attacker-controlled shellcode (or a ROP chain on hardened builds), and the attacker gains root execution on the device - enabling pivoting onto the attached serial bus, persistent OT foothold, or traffic interception. … |
| Remediation | Patch available per vendor advisory MPSA-261910 at https://www.moxa.com/en/support/product-support/security-advisory/mpsa-261910-cve-2026-10828,-cve-2026-10829-use-of-externally-controlled-format-string-and-stack-based-buffer-overflow-v - apply the firmware update Moxa publishes for the W2150A-W4/W2250A-W4 series above version 1.5 (specific fixed build not enumerated in the provided data, confirm with Moxa support). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Inventory all Moxa NPort W2150A-W4/W2250A-W4 devices, document firmware versions (1.5 and earlier), and implement strict administrative access controls (MFA and network ACLs). …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-121 – Stack-based Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-37063
GHSA-v3px-7399-w24v