Impact
A denial‑of‑service flaw resides in the command interface of Moxa NPort and CN2600 serial device servers. The device fails to confirm that a requester is linked to a legitimate data‑port session before accepting break‑signal commands, embodying an improper authorization weakness (CWE‑862). Consequently, a remote actor can issue crafted requests and cause an active user session to lose serial communication, disrupting service continuity.
Affected Systems
Affected products include Moxa CN2600 Series and Moxa NPort 6000 Series serial device servers. No specific firmware or software version numbers are provided in the advisory, so all firmware revisions of those product lines are considered susceptible until a patch is applied.
Risk and Exploitability
The CVSS score of 6.9 indicates a moderate severity. The EPSS score of below 1% suggests a low probability of exploitation in the wild, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is network‑based; an attacker with network access can target the command port, craft a break‑signal command, and break an ongoing user session. Because the flaw only applies to sessions that have already been established, an attacker must first reach the device over the network to trigger the denial of service.
OpenCVE Enrichment