Description
The Synectix LAN 232 TRIO 3-Port serial to ethernet adapter exposes its web management interface without requiring authentication, allowing unauthenticated users to modify critical device settings or factory reset the device.
Published: 2026-02-03
Score: 10 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Unauthenticated Remote Configuration
Action: Replace Device
AI Analysis

Impact

The Synectix LAN 232 TRIO 3‑Port serial to Ethernet adapter lacks authentication for its web management interface, allowing any user with network access to alter critical device settings or perform factory resets. This unfettered access can lead to unauthorized configuration changes, service disruption, and loss of device integrity. The vulnerability corresponds to CWE‑306, highlighting a missing authentication weakness.

Affected Systems

The affected product is Synectix LAN 232 TRIO. No specific firmware versions are listed, and the manufacturer is no longer in business. The product is effectively end‑of‑life and no firmware updates will be released. The official CNA workaround indicates the device is end‑of‑life and no firmware fixes will be available.

Risk and Exploitability

The CVSS base score of 10 indicates a critical impact if exploited. EPSS is reported as less than 1 %, suggesting a low current exploit probability, but the absence of vendor remediation means the risk remains high. The device is not listed in CISA’s Known Exploited Vulnerabilities catalog, yet the lack of authentication makes it a prime candidate for attackers who can reach the device’s management interface over the network. Because Synectix is no longer in business and no firmware updates are available, the risk persists without a vendor patch, making replacement the only viable long‑term solution.

Generated by OpenCVE AI on April 18, 2026 at 14:07 UTC.

Remediation

Vendor Workaround

The affected products should be considered end-of-life, as Synectix is no longer in business and therefore firmware fixes, mitigations and updates will be unavailable.

OpenCVE Recommended Actions

  • Discontinue use of the Synectix LAN 232 TRIO device and remove it from the network or place it behind a firewall that blocks all inbound traffic to ports 80 and 443.
  • Replace the device with a supported serial‑to‑Ethernet adapter that enforces authenticated management access.
  • If replacement is not immediately feasible, isolate the device by configuring network segmentation or ACLs to restrict management access to a trusted management subnet only.
  • The CNA workaround indicates the device is end‑of‑life and no firmware updates will be provided; plan for replacement as a permanent fix.

Generated by OpenCVE AI on April 18, 2026 at 14:07 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 04 Feb 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 04 Feb 2026 12:15:00 +0000

Type Values Removed Values Added
First Time appeared Synectix
Synectix lan 232 Trio
Vendors & Products Synectix
Synectix lan 232 Trio

Tue, 03 Feb 2026 23:30:00 +0000

Type Values Removed Values Added
Description The Synectix LAN 232 TRIO 3-Port serial to ethernet adapter exposes its web management interface without requiring authentication, allowing unauthenticated users to modify critical device settings or factory reset the device.
Title Synectix LAN 232 TRIO Missing Authentication for Critical Function
Weaknesses CWE-306
References
Metrics cvssV3_1

{'score': 10, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H'}

cvssV4_0

{'score': 10, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}

Subscriptions

Synectix Lan 232 Trio
cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2026-02-04T20:18:22.726Z

Reserved: 2026-01-29T16:19:22.805Z

Link: CVE-2026-1633

cve-icon Vulnrichment

Updated: 2026-02-04T20:18:19.933Z

cve-icon NVD

Status : Deferred

Published: 2026-02-04T00:16:08.557

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-1633

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T14:15:04Z

Weaknesses