CVE-2026-10825
Description
An authenticated low-privileged attacker can crash the WebSocket API of Moxa NPort 6000-G2 series device servers by sending a malformed JSON request, causing a denial of service or unexpected reboot.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A denial-of-service vulnerability (CWE-1287: Improper Validation of Specified Type of Input) exists in the WebSocket API of Moxa NPort 6000-G2 series serial device servers, including NPort 6100-G2 and NPort 6200-G2 series. The affected product versions are listed as "NPort 6000-G2 Series" in the Moxa security advisory MPSA-268270 [1]. The vulnerability stems from insufficient validation and handling of JSON-based requests processed by the WebSocket API [1].
Exploitation
An attacker must be authenticated to the device as a low-privileged user. No user interaction is required beyond the attacker's own authentication, and the attack vector is network-based (remote) according to the CVSS vector AV:N/AC:L/AT:N/PR:L/UI:N [1]. The attacker sends a specially crafted, malformed JSON request to the WebSocket API endpoint; the API does not properly validate the type of the input, which leads to service disruption [1]. The technique is associated with CAPEC-28 (Fuzzing) [1].
Impact
Successful exploitation causes a denial of service (CVSS availability impact: HIGH) that disrupts the WebSocket service and may result in an unexpected device reboot [1]. Confidentiality and integrity are not affected (VC:N, VI:N). The attack needs only network access to the device and an authenticated session [1].
Mitigation
The vendor, Moxa, has released solutions for the affected NPort 6000-G2 series products as of the advisory release date June 16, 2026. Users should apply the appropriate firmware or software update as listed in the advisory's "Solutions" table [1]. No workarounds are documented in the available reference. There is no indication this CVE is listed on CISA's Known Exploited Vulnerabilities (KEV) catalog.
AI Insight generated on Jun 16, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 0
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References: 1
News mentions: 0
No linked articles in our index yet.