Home

Description

A denial-of-service vulnerability exists in NPort devices because of improper access control on the command port. The command interface does not properly validate whether a sender is associated with a valid data port session before accepting break signal commands. A remote attacker with network access can send crafted requests to disrupt serial communication for an active user session.

PUBLISHED Reserved 2026-06-04 | Published 2026-06-16 | Updated 2026-06-16 | Assigner Moxa




MEDIUM: 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:L

Problem types

CWE-862: Missing Authorization

Product status

Default status
unaffected

1.0 (custom)
affected

Default status
unaffected

1.0 (custom)
affected

Credits

Artur Witek finder

References

www.moxa.com/...ation-vulnerability-in-serial-device-servers vendor-advisory

cve.org (CVE-2026-10831)

nvd.nist.gov (CVE-2026-10831)

Download JSON