CVE-2026-10831 (GCVE-0-2026-10831)

Vulnerability from cvelistv5 – Published: 2026-06-16 13:46 – Updated: 2026-06-16 15:27
VLAI?
Title
Improper Authorization of Break Signal Commands in Devices
Summary
A denial-of-service vulnerability exists in NPort devices because of improper access control on the command port. The command interface does not properly validate whether a sender is associated with a valid data port session before accepting break signal commands. A remote attacker with network access can send crafted requests to disrupt serial communication for an active user session.
CWE
Assigner
References
Impacted products
Vendor Product Version
Moxa NPort 6000 Series Affected: 1.0 , ≤ 2.3 (custom)
Create a notification for this product.
    Moxa CN2600 Series Affected: 1.0 , ≤ 4.6 (custom)
Create a notification for this product.
Credits
Artur Witek
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-10831",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-16T15:27:21.022805Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-16T15:27:28.093Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "NPort 6000 Series",
          "vendor": "Moxa",
          "versions": [
            {
              "lessThanOrEqual": "2.3",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CN2600 Series",
          "vendor": "Moxa",
          "versions": [
            {
              "lessThanOrEqual": "4.6",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Artur Witek"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA denial-of-service vulnerability exists in NPort devices because of improper access control on the command port. The command interface does not properly validate whether a sender is associated with a valid data port session before accepting break signal commands. A remote attacker with network access can send crafted requests to disrupt serial communication for an active user session.\u003c/p\u003e"
            }
          ],
          "value": "A denial-of-service vulnerability exists in NPort devices because of improper access control on the command port. The command interface does not properly validate whether a sender is associated with a valid data port session before accepting break signal commands. A remote attacker with network access can send crafted requests to disrupt serial communication for an active user session."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-212",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-212: Functionality Misuse"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:L",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862: Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-16T13:46:27.325Z",
        "orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
        "shortName": "Moxa"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-262370-cve-2026-10831-improper-authorization-vulnerability-in-serial-device-servers"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Please refer to the security advisory:\u0026nbsp;https://www.moxa.com/en/support/product-support/security-advisory/mpsa-262370-cve-2026-10831-improper-authorization-vulnerability-in-serial-device-servers"
            }
          ],
          "value": "Please refer to the security advisory:\u00a0https://www.moxa.com/en/support/product-support/security-advisory/mpsa-262370-cve-2026-10831-improper-authorization-vulnerability-in-serial-device-servers"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Improper Authorization of Break Signal Commands in Devices",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
    "assignerShortName": "Moxa",
    "cveId": "CVE-2026-10831",
    "datePublished": "2026-06-16T13:46:27.325Z",
    "dateReserved": "2026-06-04T10:11:26.724Z",
    "dateUpdated": "2026-06-16T15:27:28.093Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-10831\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-06-16T15:27:21.022805Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-06-16T15:27:24.699Z\"}}], \"cna\": {\"title\": \"Improper Authorization of Break Signal Commands in Devices\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Artur Witek\"}], \"impacts\": [{\"capecId\": \"CAPEC-212\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-212: Functionality Misuse\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 6.9, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:L\", \"exploitMaturity\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"LOW\", \"subAvailabilityImpact\": \"LOW\", \"vulnAvailabilityImpact\": \"LOW\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Moxa\", \"product\": \"NPort 6000 Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"2.3\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Moxa\", \"product\": \"CN2600 Series\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"4.6\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Please refer to the security advisory:\\u00a0https://www.moxa.com/en/support/product-support/security-advisory/mpsa-262370-cve-2026-10831-improper-authorization-vulnerability-in-serial-device-servers\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Please refer to the security advisory:\u0026nbsp;https://www.moxa.com/en/support/product-support/security-advisory/mpsa-262370-cve-2026-10831-improper-authorization-vulnerability-in-serial-device-servers\", \"base64\": false}]}], \"references\": [{\"url\": \"https://www.moxa.com/en/support/product-support/security-advisory/mpsa-262370-cve-2026-10831-improper-authorization-vulnerability-in-serial-device-servers\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 1.0.2\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A denial-of-service vulnerability exists in NPort devices because of improper access control on the command port. The command interface does not properly validate whether a sender is associated with a valid data port session before accepting break signal commands. A remote attacker with network access can send crafted requests to disrupt serial communication for an active user session.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eA denial-of-service vulnerability exists in NPort devices because of improper access control on the command port. The command interface does not properly validate whether a sender is associated with a valid data port session before accepting break signal commands. A remote attacker with network access can send crafted requests to disrupt serial communication for an active user session.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-862\", \"description\": \"CWE-862: Missing Authorization\"}]}], \"providerMetadata\": {\"orgId\": \"2e0a0ee2-d866-482a-9f5e-ac03d156dbaa\", \"shortName\": \"Moxa\", \"dateUpdated\": \"2026-06-16T13:46:27.325Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-10831\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-16T15:27:28.093Z\", \"dateReserved\": \"2026-06-04T10:11:26.724Z\", \"assignerOrgId\": \"2e0a0ee2-d866-482a-9f5e-ac03d156dbaa\", \"datePublished\": \"2026-06-16T13:46:27.325Z\", \"assignerShortName\": \"Moxa\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…