IoT
CVE-2026-1633
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
The Synectix LAN 232 TRIO 3-Port serial to ethernet adapter exposes its web management interface without requiring authentication, allowing unauthenticated users to modify critical device settings or factory reset the device.
AnalysisAI
Synectix LAN 232 TRIO serial-to-ethernet adapter exposes its web management interface without authentication (CVSS 10.0), enabling unauthenticated control of serial devices.
Technical ContextAI
The Synectix LAN 232 TRIO 3-port serial-to-ethernet adapter has a CWE-306 missing authentication on its web management interface, allowing complete unauthenticated control.
Affected ProductsAI
Synectix LAN 232 TRIO
RemediationAI
Implement authentication. Isolate the adapter on a dedicated management VLAN.
A command injection vulnerability (CVSS 9.8). Risk factors: public PoC available.
Plaintext daemon credentials in IDC SFX2100 routing config files (zebra, bgpd, ospfd, ripd). CVSS 10.0. PoC available.
Kede Electronics IoT smart water meter monitoring platform v1.0 has a SQL injection allowing attackers to compromise the
RIOT IoT operating system has an out-of-bounds read vulnerability (CVSS 9.1) that could lead to information disclosure o
A buffer overflow vulnerability in A vulnerability classified as critical (CVSS 8.8). Risk factors: public PoC available
CVE-2025-34023 is a path traversal vulnerability in Karel IP1211 IP Phone's web management panel that allows remote auth
CVE-2025-48466 is a security vulnerability (CVSS 8.1). Risk factors: public PoC available.
MajorDoMo's unauthenticated /objects/?op=set endpoint fails to sanitize property values, allowing remote attackers to in
CVE-2025-7503 is a security vulnerability (CVSS 10.0). Critical severity with potential for significant impact on affect
Command injection via the hostname field allowing authenticated code execution with maximum CVSS 10.0 and scope change.
An API authentication bypass allows unauthenticated attackers to impersonate legitimate users. Maximum CVSS 10.0 with sc
CVE-2025-48890 is a critical OS command injection vulnerability in the miniigd SOAP service affecting WRH-733GBK and WRH
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today