CVE-2026-10825
Awaiting Analysis Awaiting Analysis - Queue

WebSocket API Denial of Service Vulnerability

Vulnerability report for CVE-2026-10825, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-16

Last updated on: 2026-06-16

Assigner: Moxa Inc.

Description

A denial-of-service vulnerability exists in the WebSocket API due to insufficient validation and handling of JSON-based requests. A low-privileged authenticated attacker can send a specially crafted request that causes service disruption and may result in an unexpected device reboot.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-16
Last Modified
2026-06-16
Generated
2026-07-06
AI Q&A
2026-06-16
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 5 associated CPEs
Vendor Product Version / Range
moxa nport_6000-g2 *
moxa nport_6100-g2 *
moxa nport_6200-g2 *
moxa nport_6400-g2 *
moxa nport_6600-g2 to 1.2.0 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1287 The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

The provided information does not explicitly address how CVE-2026-10825 affects compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2026-10825 is a denial-of-service vulnerability in Moxa's serial device servers caused by improper validation of JSON input in the WebSocket API.

A low-privileged authenticated attacker can send a specially crafted JSON-based request that disrupts the service and may cause the device to reboot unexpectedly.

This affects several Moxa NPort series devices running firmware version 1.1.0 and earlier.

Impact Analysis

The vulnerability can cause service disruption on affected devices, leading to denial of service.

It may also cause unexpected device reboots, which can interrupt operations relying on these devices.

Such disruptions can affect network reliability and availability, potentially impacting business continuity.

Detection Guidance

This vulnerability involves a low-privileged authenticated attacker sending specially crafted JSON-based requests to the WebSocket API, causing service disruption or device reboot.

Detection can focus on monitoring for unusual or malformed JSON requests targeting the WebSocket API of affected Moxa serial device servers (NPort 6000-G2, 6100-G2, 6200-G2, 6400-G2, 6600-G2).

Suggested detection methods include:

  • Monitoring network traffic for abnormal WebSocket JSON requests using tools like Wireshark or tcpdump.
  • Checking device logs for unexpected reboots or service disruptions.
  • Using commands to capture WebSocket traffic, for example, tcpdump filtering on the device's WebSocket port (commonly port 80 or 443 if HTTPS is used):
  • tcpdump -i <interface> port 80 -w websocket_traffic.pcap
  • Analyzing captured traffic for malformed or suspicious JSON payloads.

Since the vulnerability requires authentication, reviewing authentication logs for unusual activity or repeated failed attempts may also help detect exploitation attempts.

Mitigation Strategies

The primary mitigation is to update the firmware of affected Moxa serial device servers to version 1.2.0 or later.

If updating firmware is not immediately possible, the following steps are recommended:

  • Restrict network access to the affected devices, limiting exposure to trusted networks only.
  • Segregate operational networks to isolate vulnerable devices from general network traffic.
  • Disable any unused services on the devices to reduce attack surface.
  • Enforce strong authentication mechanisms to prevent unauthorized access.
  • Implement logging and monitoring to detect suspicious activity early.

General security best practices such as minimizing device exposure, securing remote access, and conducting regular security assessments are also advised.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-10825. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart