216.73.216.6

CVE-2026-10828

· Published 16/06/2026 14:16 · Modified 16/06/2026 15:26 · Author: The MITRE Corporation

Labels: CVE-2026-10828 2026-06-16CVE-2026-10828CWE-134[email protected]

Essential information

Published
16/06/2026 14:16
Modified
16/06/2026 15:26
Author
The MITRE Corporation
Creator
The MITRE Corporation
CVSS
6.9 MEDIUM (v3) 6.9 MEDIUM (v4.0)
CISA KEV
No
CWE
CWE-134
CVSS vector

CVSS metrics

Description

A format string vulnerability has been found in the "alias" parameter of the Serial Param configuration page in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and prior. This vulnerability stems from insufficient input validation and improper handling of externally supplied format strings. An attacker could exploit this vulnerability by sending crafted input to the web service, causing unintended memory disclosure. Successful exploitation may allow an attacker to leak sensitive memory contents and determine critical memory addresses, potentially bypassing Address Space Layout Randomization (ASLR) protections.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
moxa / nport w2150a w4 cpe:2.3:a:moxa:nport_w2150a_w4:1.5:*:*:*:*:*:*:*
moxa / nport w2250a w4 cpe:2.3:a:moxa:nport_w2250a_w4:1.5:*:*:*:*:*:*:*

References