Description
A denial-of-service vulnerability exists in NPort devices because of improper access control on the command port. The command interface does not properly validate whether a sender is associated with a valid data port session before accepting break signal commands. A remote attacker with network access can send crafted requests to disrupt serial communication for an active user session.
Published: 2026-06-16
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A denial‑of‑service flaw resides in the command interface of Moxa NPort and CN2600 serial device servers. The device fails to confirm that a requester is linked to a legitimate data‑port session before accepting break‑signal commands, embodying an improper authorization weakness (CWE‑862). Consequently, a remote actor can issue crafted requests and cause an active user session to lose serial communication, disrupting service continuity.

Affected Systems

Affected products include Moxa CN2600 Series and Moxa NPort 6000 Series serial device servers. No specific firmware or software version numbers are provided in the advisory, so all firmware revisions of those product lines are considered susceptible until a patch is applied.

Risk and Exploitability

The CVSS score of 6.9 indicates a moderate severity. The EPSS score of below 1% suggests a low probability of exploitation in the wild, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is network‑based; an attacker with network access can target the command port, craft a break‑signal command, and break an ongoing user session. Because the flaw only applies to sessions that have already been established, an attacker must first reach the device over the network to trigger the denial of service.

Generated by OpenCVE AI on June 17, 2026 at 22:31 UTC.

Remediation

Vendor Solution

Please refer to the security advisory: https://www.moxa.com/en/support/product-support/security-advisory/mpsa-262370-cve-2026-10831-improper-authorization-vulnerability-in-serial-device-servers


OpenCVE Recommended Actions

  • Update the device firmware to the version released by Moxa per the security advisory
  • Disable remote access to the command port if remote configuration is not required for business operations
  • Implement network segmentation or firewall rules to restrict direct access to the command port from untrusted networks

Generated by OpenCVE AI on June 17, 2026 at 22:31 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Moxa
Moxa cn2600 Series
Moxa nport 5600 Series
Vendors & Products Moxa
Moxa cn2600 Series
Moxa nport 5600 Series

Tue, 16 Jun 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 15:00:00 +0000

Type Values Removed Values Added
Description A denial-of-service vulnerability exists in NPort devices because of improper access control on the command port. The command interface does not properly validate whether a sender is associated with a valid data port session before accepting break signal commands. A remote attacker with network access can send crafted requests to disrupt serial communication for an active user session.
Title Improper Authorization of Break Signal Commands in Devices
Weaknesses CWE-862
References
Metrics cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:L'}


Subscriptions

Moxa Cn2600 Series Nport 5600 Series
cve-icon MITRE

Status: PUBLISHED

Assigner: Moxa

Published:

Updated: 2026-06-16T15:27:28.093Z

Reserved: 2026-06-04T10:11:26.724Z

Link: CVE-2026-10831

cve-icon Vulnrichment

Updated: 2026-06-16T15:27:24.699Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-16T15:16:34.490

Modified: 2026-06-16T15:36:54.090

Link: CVE-2026-10831

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T09:45:28Z

Weaknesses