CVE-2026-10831
Awaiting Analysis Awaiting Analysis - Queue
Denial-of-Service in Moxa NPort Devices via Command Port

Publication date: 2026-06-16

Last updated on: 2026-06-16

Assigner: Moxa Inc.

Description
A denial-of-service vulnerability exists in NPort devices because of improper access control on the command port. The command interface does not properly validate whether a sender is associated with a valid data port session before accepting break signal commands. A remote attacker with network access can send crafted requests to disrupt serial communication for an active user session.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-16
Last Modified
2026-06-16
Generated
2026-06-16
AI Q&A
2026-06-16
EPSS Evaluated
N/A
NVD
CVE-2026-10831
EUVD
EUVD-2026-37119
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
moxa nport to 2.3 (inc)
moxa cn2600 to 4.6 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-10831 is an improper authorization vulnerability affecting Moxa Serial Device Servers, specifically NPort and CN2600 Series devices.

The issue involves improper access control on the command port, where the command interface does not properly validate whether a sender is associated with a valid data port session before accepting break signal commands.

A remote attacker with network access can send specially crafted requests to disrupt serial communication for an active user session.

Impact Analysis

This vulnerability can allow a remote attacker to disrupt serial communication for active user sessions on affected Moxa devices.

Such disruption can lead to denial-of-service conditions, potentially impacting the availability and reliability of systems relying on these serial communications.

Since the vulnerability can be exploited without authentication, it poses a risk of unauthenticated remote attacks.

Detection Guidance

Detection of this vulnerability involves monitoring for unusual or crafted break signal commands sent to the command port of affected Moxa Serial Device Servers. Network administrators should look for unauthorized or unexpected traffic targeting the command interface of NPort and CN2600 Series devices.

While specific commands are not provided in the available resources, general detection methods include using network traffic analysis tools to capture and inspect packets sent to the command port, and monitoring device logs for disruptions in serial communication or unauthorized access attempts.

Administrators can also use network scanning tools to identify devices running vulnerable firmware versions (NPort firmware v2.3 or earlier, CN2600 firmware v4.6 or earlier) and verify if unauthorized break signal commands are being sent.

Mitigation Strategies

Immediate mitigation steps include applying the security patches released by Moxa: firmware version v2.3.9 for NPort devices and v4.6.11 for CN2600 devices.

  • Restrict network access to the affected devices to trusted hosts only.
  • Segregate networks to isolate vulnerable devices from untrusted or public networks.
  • Disable any unused services on the devices to reduce the attack surface.
  • Enforce strong authentication mechanisms for accessing the devices.
  • Monitor device behavior regularly for signs of exploitation or unusual activity.

Additionally, Moxa recommends regular firmware updates, secure remote access practices, and comprehensive security assessments to further reduce risk.

Compliance Impact

The provided information does not specify how CVE-2026-10831 directly affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-10831. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart