Description
A denial-of-service vulnerability exists in the WebSocket API due to insufficient validation and handling of JSON-based requests. A low-privileged authenticated attacker can send a specially crafted request that causes service disruption and may result in an unexpected device reboot.
Published: 2026-06-16
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A vulnerability in the WebSocket API of Moxa NPort 6000‑G2 serial device servers allows a low‑privileged authenticated attacker to send a specially crafted JSON request that is insufficiently validated. The result is a denial of service that may cause an unexpected device reboot, disrupting availability of the device and any systems that depend on it.

Affected Systems

Moxa NPort 6000‑G2 Series devices, firmware versions 1.2.0 and earlier, which expose the vulnerable WebSocket endpoint.

Risk and Exploitability

The CVSS score of 7.1 indicates a high‑severity denial‑of‑service risk. The EPSS score of less than 1% indicates a low estimated probability of exploitation, and the vulnerability is not listed in CISA’s KEV catalog. Attackers need only legitimate but low‑privilege credentials and can target the WebSocket interface remotely. When the malformed JSON request reaches the device, the server fails to handle it gracefully, leading to an interruption of service and a possible reboot.

Generated by OpenCVE AI on June 16, 2026 at 20:13 UTC.

Remediation

Vendor Solution

Please refer to the security advisory: https://www.moxa.com/en/support/product-support/security-advisory/mpsa-268270-cve-2026-10825-improper-validation-of-input-vulnerability-in-serial-device-servers


OpenCVE Recommended Actions

  • Update the device firmware to the version supplied in Moxa’s security advisory.
  • If the WebSocket functionality is not required, disable the API to reduce the attack surface.
  • Configure firewall or access control lists to restrict network access to the WebSocket port to trusted hosts only.



Advisories

No advisories yet.

History

Tue, 16 Jun 2026 13:30:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Tue, 16 Jun 2026 09:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | A denial-of-service vulnerability exists in the WebSocket API due to insufficient validation and handling of JSON-based requests. A low-privileged authenticated attacker can send a specially crafted request that causes service disruption and may result in an unexpected device reboot. |
| Title | | Improper JSON Input Validation in WebSocket API Leads to Denial of Service |
| First Time appeared | | Moxa, Moxa nport 6000-g2 Series |
| Weaknesses | | CWE-1287 |
| CPEs | | cpe:2.3:a:moxa:nport_6000-g2_series:*:*:*:*:*:*:*:*, cpe:2.3:a:moxa:nport_6000-g2_series:1.2.0:*:*:*:*:*:*:* |
| Vendors & Products | | Moxa, Moxa nport 6000-g2 Series |
| References | | |
| Metrics | | cvssV4_0: {'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'} |


MITRE

Status: PUBLISHED

Assigner: Moxa

Published:

Updated: 2026-06-16T12:24:40.418Z

Reserved: 2026-06-04T08:28:37.449Z

Link: CVE-2026-10825

Vulnrichment

Updated: 2026-06-16T12:24:36.445Z

NVD

Status: Awaiting Analysis

Published: 2026-06-16T10:16:26.670

Modified: 2026-06-16T15:26:04.250

Link: CVE-2026-10825

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-16T20:15:16Z

Weaknesses
  • CWE-1287: Improper Validation of Specified Type of Input