Skip to main content

Moxa NPort CVE-2026-10829

| EUVDEUVD-2026-37063 HIGH
Stack-based Buffer Overflow (CWE-121)
2026-06-16 Moxa GHSA-v3px-7399-w24v
8.6
CVSS 4.0 · Vendor: Moxa
Share

Severity by source

Vendor (Moxa) PRIMARY
8.6 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
7.2 HIGH

Reachable over the network via the web UI with low complexity, but requires administrator login (PR:H) to hit the Basic settings handler; full root RCE gives C/I/A:H, scope unchanged.

3.1 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (Moxa).

CVSS VectorVendor: Moxa

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
Jun 16, 2026 - 11:52 vuln.today

DescriptionCVE.org

A stack-based buffer overflow vulnerability has been found in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and earlier. This vulnerability stems from insufficient input validation of user-supplied input in the "Server location" parameter on the Basic settings page. An attacker could exploit this vulnerability by sending crafted input to the web service, resulting in memory corruption. Successful exploitation of this vulnerability could allow remote code execution on the target system with root privileges.

AnalysisAI

Remote code execution in Moxa NPort W2150A-W4/W2250A-W4 Series firmware version 1.5 and earlier allows authenticated administrators to corrupt memory by submitting an overlong 'Server location' value on the Basic settings page of the web management interface, yielding root-level command execution on the embedded serial device server. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV, but Moxa has issued advisory MPSA-261910 confirming the flaw. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon
Reach management VLAN
Delivery
Authenticate to NPort web UI as admin
Exploit
Submit oversized 'Server location' value on Basic settings
Install
Overflow stack buffer in HTTP handler
C2
Hijack control flow into payload
Execute
Execute code as root
Impact
Pivot to attached serial/OT assets

Vulnerability AssessmentAI

Exploitation Exploitation requires (1) network reach to the NPort device's web management interface (HTTP/HTTPS) - typically TCP/80 or TCP/443 on the management VLAN; (2) valid administrator credentials sufficient to load and submit the Basic settings page, as encoded by PR:H in the CVSS vector; and (3) the device must be running firmware version 1.5 or earlier of the NPort W2150A-W4/W2250A-W4 Series (or the related W2150A/W2250A line). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 vector AV:N/AC:L/AT:N/PR:H/UI:N with VC:H/VI:H/VA:H produces a base score of 8.6, reflecting full compromise of the device but requiring high privileges (administrative web login) to reach the vulnerable Basic settings parameter. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has phished, brute-forced, or harvested an administrator credential for the NPort web UI logs in over HTTP/HTTPS, navigates to the Basic settings page, and submits an oversized 'Server location' value crafted to overwrite the saved return address with a payload pointer. The handler returns into attacker-controlled shellcode (or a ROP chain on hardened builds), and the attacker gains root execution on the device - enabling pivoting onto the attached serial bus, persistent OT foothold, or traffic interception. …
Remediation Patch available per vendor advisory MPSA-261910 at https://www.moxa.com/en/support/product-support/security-advisory/mpsa-261910-cve-2026-10828,-cve-2026-10829-use-of-externally-controlled-format-string-and-stack-based-buffer-overflow-v - apply the firmware update Moxa publishes for the W2150A-W4/W2250A-W4 series above version 1.5 (specific fixed build not enumerated in the provided data, confirm with Moxa support). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all Moxa NPort W2150A-W4/W2250A-W4 devices, document firmware versions (1.5 and earlier), and implement strict administrative access controls (MFA and network ACLs). …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-10829 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy