CVE-2026-1633
Unknown Unknown - Not Provided
Unauthenticated Access in Synectix LAN 232 TRIO Web Interface

Publication date: 2026-02-04

Last updated on: 2026-02-04

Assigner: ICS-CERT

Description
The Synectix LAN 232 TRIO 3-Port serial to ethernet adapter exposes its web management interface without requiring authentication, allowing unauthenticated users to modify critical device settings or factory reset the device.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-04
Last Modified
2026-02-04
Generated
2026-06-16
AI Q&A
2026-02-04
EPSS Evaluated
2026-06-14
NVD
CVE-2026-1633
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
synectix lan_232_trio *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability affects the Synectix LAN 232 TRIO 3-Port serial to ethernet adapter by exposing its web management interface without requiring any authentication.

This means that anyone, even without credentials, can access the device's management interface.

As a result, unauthenticated users can modify critical device settings or perform a factory reset on the device.

Impact Analysis

This vulnerability can have severe impacts because it allows attackers to change important device configurations or reset the device to factory settings without any restrictions.

Such unauthorized modifications can disrupt network operations, cause loss of data or device functionality, and potentially open the network to further attacks.

Given the CVSS score of 10.0, this is a critical vulnerability with high potential for confidentiality, integrity, and availability impacts.

Compliance Impact

I don't know

Detection Guidance

The Synectix LAN 232 TRIO 3-Port serial to ethernet adapter exposes its web management interface without requiring authentication. Detection can focus on identifying devices exposing this interface on the network.

  • Scan the network for devices with open web management ports (commonly port 80 or 443) using tools like nmap.
  • Use the command: nmap -p 80,443 --open -sV <target_network> to identify devices with open HTTP/HTTPS ports.
  • Attempt to access the web management interface of identified devices to check if authentication is required.
  • Look for devices identified as Synectix LAN 232 TRIO or similar serial to ethernet adapters by checking device banners or service fingerprints.
Mitigation Strategies

Immediate mitigation steps include restricting access to the web management interface to trusted networks or hosts only.

  • Place the device management interface behind a firewall or VPN to prevent unauthenticated external access.
  • If possible, disable the web management interface or change its configuration to require authentication.
  • Monitor network traffic for unauthorized access attempts to the device.
  • Consider isolating the device on a separate management VLAN to limit exposure.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-1633. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart