CVE-2026-10825
Received - Intake
WebSocket API Denial of Service Vulnerability

Publication date: 2026-06-16

Last updated on: 2026-06-16

Assigner: Moxa Inc.

Description
A denial-of-service vulnerability exists in the WebSocket API due to insufficient validation and handling of JSON-based requests. A low-privileged authenticated attacker can send a specially crafted request that causes service disruption and may result in an unexpected device reboot.
Meta Information
Published: 2026-06-16
Last Modified: 2026-06-16
Generated: 2026-06-16
AI Q&A: 2026-06-16
EPSS Evaluated: N/A
Affected Vendors & Products
Vendor   Product          Version / Range
moxa     nport_6000-g2    *
moxa     nport_6100-g2    *
moxa     nport_6200-g2    *
moxa     nport_6400-g2    *
moxa     nport_6600-g2    to 1.2.0 (exc)
CWE ID Description
CWE-1287 The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type.
Compliance Impact

The provided information does not explicitly address how CVE-2026-10825 affects compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2026-10825 is a denial-of-service vulnerability in Moxa's serial device servers caused by improper validation of JSON input in the WebSocket API.

A low-privileged authenticated attacker can send a specially crafted JSON-based request that disrupts the service and may cause the device to reboot unexpectedly.

This affects several Moxa NPort series devices running firmware version 1.1.0 and earlier.

Impact Analysis

The vulnerability can cause service disruption on affected devices, leading to denial of service.

It may also cause unexpected device reboots, which can interrupt operations relying on these devices.

Such disruptions can affect network reliability and availability, potentially impacting business continuity.

Detection Guidance

This vulnerability involves a low-privileged authenticated attacker sending specially crafted JSON-based requests to the WebSocket API, causing service disruption or device reboot.

Detection can focus on monitoring for unusual or malformed JSON requests targeting the WebSocket API of affected Moxa serial device servers (NPort 6000-G2, 6100-G2, 6200-G2, 6400-G2, 6600-G2).

Suggested detection methods include:

  • Monitoring network traffic for abnormal WebSocket JSON requests using tools like Wireshark or tcpdump.
  • Checking device logs for unexpected reboots or service disruptions.
  • Using commands to capture WebSocket traffic, for example, tcpdump filtering on the device's WebSocket port (commonly port 80 or 443 if HTTPS is used):
      tcpdump -i <interface> port 80 -w websocket_traffic.pcap
  • Analyzing captured traffic for malformed or suspicious JSON payloads.

Since the vulnerability requires authentication, reviewing authentication logs for unusual activity or repeated failed attempts may also help detect exploitation attempts.
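
One way to carry out the "analyzing captured traffic" step, as an added example that is not code from this page or from Moxa: it decodes client WebSocket frames (RFC 6455) and flags JSON whose fields have the wrong type, the CWE-1287 pattern. It assumes the input is the plaintext client-to-server byte stream after the HTTP upgrade (port 80; TLS traffic must be decrypted first), and the field names in EXPECTED_TYPES are hypothetical because the page does not document the API.

```python
import json

# Assumed schema: hypothetical field names, since the page does not document the API.
EXPECTED_TYPES = {"action": str, "port": int, "params": dict}

def client_frame(text, key=b"\x11\x22\x33\x44"):
    # Build a masked client text frame (< 126 bytes); only used for sample input.
    raw = text.encode()
    return bytes([0x81, 0x80 | len(raw)]) + key + bytes(b ^ key[i % 4] for i, b in enumerate(raw))

def parse_frames(buf):
    """Yield (opcode, payload) for each complete WebSocket frame in buf (RFC 6455)."""
    pos = 0
    while pos + 2 <= len(buf):
        opcode, masked, length = buf[pos] & 0x0F, buf[pos + 1] & 0x80, buf[pos + 1] & 0x7F
        ext = {126: 2, 127: 8}.get(length, 0)  # size of the extended length field
        hdr = 2 + ext + (4 if masked else 0)
        length = int.from_bytes(buf[pos + 2:pos + 2 + ext], "big") if ext else length
        end = pos + hdr + length
        if end > len(buf):
            return  # truncated capture: stop rather than guess
        data = buf[pos + hdr:end]
        if masked:  # client-to-server frames are always masked
            key = buf[pos + hdr - 4:pos + hdr]
            data = bytes(b ^ key[i % 4] for i, b in enumerate(data))
        yield opcode, data
        pos = end

def audit(buf):
    """Return (frame_index, reason) for text frames that are not well-typed JSON."""
    findings = []
    for n, (opcode, data) in enumerate(parse_frames(buf)):
        if opcode != 0x1:  # only text frames carry JSON
            continue
        try:
            msg = json.loads(data.decode("utf-8"))
        except (UnicodeDecodeError, ValueError, RecursionError):
            findings.append((n, "unparseable JSON"))
            continue
        if not isinstance(msg, dict):
            findings.append((n, "top-level value is not an object"))
            continue
        for field, want in EXPECTED_TYPES.items():
            if field in msg and (isinstance(msg[field], bool) or not isinstance(msg[field], want)):
                findings.append((n, f"{field}: expected {want.__name__}"))
    return findings

# Constructed sample: one well-typed request, one with a wrong type, one not JSON.
SAMPLE = b"".join(client_frame(t) for t in (
    '{"action": "get", "port": 1}', '{"action": "get", "port": "1"}', "{oops"))
```

Findings from `audit()` are most useful when correlated by timestamp with the reboot and authentication log entries mentioned above.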

Mitigation Strategies

The primary mitigation is to update the firmware of affected Moxa serial device servers to version 1.2.0 or later.

If updating firmware is not immediately possible, the following steps are recommended:

  • Restrict network access to the affected devices, limiting exposure to trusted networks only.
  • Segregate operational networks to isolate vulnerable devices from general network traffic.
  • Disable any unused services on the devices to reduce attack surface.
  • Enforce strong authentication mechanisms to prevent unauthorized access.
  • Implement logging and monitoring to detect suspicious activity early.

General security best practices such as minimizing device exposure, securing remote access, and conducting regular security assessments are also advised.
