CVE-2026-2754
Unauthorized Access in Navtor NavBox HTTP API Exposes Sensitive Data

Publication date: 2026-03-06

Last updated on: 2026-03-10

Assigner: MHV

Description
Navtor NavBox exposes sensitive configuration and operational data due to missing authentication on HTTP API endpoints. An unauthenticated remote attacker with network access to the device can execute HTTP GET requests to TCP port 8080 to retrieve internal network parameters including ECDIS & OT Information, device identifiers, and service status logs.
Meta Information
Published: 2026-03-06
Last Modified: 2026-03-10
Generated: 2026-05-07
AI Q&A: 2026-03-06
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Vendor    Product    Version / Range
navtor    navbox     to 4.16.2.4 (exc)
navtor    navbox     From 4.16.2.4 (inc)
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting network access to the Navtor NavBox device, especially blocking unauthenticated access to TCP port 8080.

Upgrading the NavBox software to version 4.16.2.4 or later is recommended, as this version addresses the vulnerability by implementing proper authentication and fixing the information disclosure issue.

Additionally, monitor network traffic for unauthorized HTTP GET requests to port 8080 and consider implementing firewall rules to limit access to trusted hosts only.


Can you explain this vulnerability to me?

CVE-2026-2754 is an information disclosure vulnerability in Navtor NavBox devices. It occurs because the HTTP API endpoints on TCP port 8080 lack authentication, allowing unauthenticated remote attackers with network access to retrieve sensitive configuration and operational data. This includes internal network parameters, device identifiers, ECDIS & OT information, and service status logs.

Additionally, in NavBox version 4.12.0.3, attackers can trigger an unhandled exception that discloses a verbose stack trace revealing internal application details, which could aid further attacks.


How can this vulnerability impact me?

This vulnerability can lead to the exposure of sensitive internal data without requiring any authentication, which compromises confidentiality. Attackers can gain access to network parameters, device identifiers, and operational logs, potentially enabling further targeted attacks or unauthorized network reconnaissance.

While it does not impact integrity or availability, the disclosure of sensitive information can undermine the security posture of affected systems.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by checking for the presence of Navtor NavBox devices exposing HTTP API endpoints on TCP port 8080 without authentication.

You can use network scanning tools to identify devices with open TCP port 8080 and then attempt HTTP GET requests to these endpoints to see if sensitive configuration and operational data are disclosed.

  • Use nmap to scan for open port 8080: nmap -p 8080 <target-ip>
  • Use curl or wget to send an HTTP GET request to the device on port 8080: curl http://<target-ip>:8080/
  • Check the response for sensitive information such as ECDIS & OT Information, device identifiers, or service status logs.
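
A passive complement to the active checks above, for the monitoring advice on this page: the following added example (not part of the original page and not Navtor code) scans flow or proxy log lines for HTTP GET requests to a NavBox on TCP port 8080 that come from outside an allowlist of trusted hosts. The key=value log format, the IP addresses and the function name are assumptions constructed for the illustration.

```python
import ipaddress
import re

# Assumed key=value log format (constructed for this example, not a NavBox or vendor format).
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) "
    r"method=(?P<method>\S+) path=(?P<path>\S+) status=(?P<status>\d{3})$"
)

# Constructed sample data: 10.20.0.50 stands in for a NavBox, 10.20.0.0/28 for trusted hosts.
SAMPLE_LOG = """\
2026-03-07T10:15:02Z src=10.20.0.5 dst=10.20.0.50 dport=8080 method=GET path=/ status=200
2026-03-07T10:16:40Z src=10.20.3.77 dst=10.20.0.50 dport=8080 method=GET path=/ status=200
2026-03-07T10:16:41Z src=10.20.3.77 dst=10.20.0.50 dport=8080 method=GET path=/ status=401
2026-03-07T10:17:00Z src=10.20.3.77 dst=10.20.0.60 dport=8080 method=GET path=/ status=200
2026-03-07T10:18:12Z src=10.20.3.77 dst=10.20.0.50 dport=443 method=GET path=/ status=200
truncated line without fields
"""

def find_untrusted_gets(log_text, navbox_hosts, trusted_sources, port=8080):
    """Return GET requests to a NavBox API port from sources outside the allowlist."""
    devices = {ipaddress.ip_address(h) for h in navbox_hosts}
    trusted = [ipaddress.ip_network(n) for n in trusted_sources]
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed or unrelated lines instead of failing
        try:
            src = ipaddress.ip_address(m["src"])
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue
        if dst not in devices or int(m["dport"]) != port or m["method"] != "GET":
            continue
        if any(src in net for net in trusted):
            continue
        # A 2xx status means the device answered the untrusted request with data.
        served = m["status"].startswith("2")
        findings.append({"ts": m["ts"], "src": str(src), "dst": str(dst),
                         "path": m["path"], "served": served})
    return findings

if __name__ == "__main__":
    for f in find_untrusted_gets(SAMPLE_LOG, ["10.20.0.50"], ["10.20.0.0/28"]):
        print(f)
```

Findings with `served` set to true are the ones to triage first, since the device returned content to a host that should not have been able to reach it.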
