CVE-2026-10829

CVSS 8.6 HIGHEPSS 0.5%CWE-121

Vexday Risk Score

21Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 8.6EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Ciclo de vida

16 jun 2026Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

A stack-based buffer overflow vulnerability has been found in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and earlier. This vulnerability stems from insufficient input validation of user-supplied input in the "Server location" parameter on the Basic settings page. An attacker could exploit this vulnerability by sending crafted input to the web service, resulting in memory corruption. Successful exploitation of this vulnerability could allow remote code execution on the target system with root privileges.

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Productos afectados

Moxa · NPort W2150A/W2250A Series Moxa · NPort W2150A-W4/W2250A-W4 Series

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://www.moxa.com/en/support/product-support/security-advisory/mpsa-261910-cve-2026-10828,-cve-2026-10829-use-of-externally-controlled-format-string-and-stack-based-buffer-overflow-v