Skip to main content
Mallory
Back to vulnerabilities
High

Stack-based Buffer Overflow in Moxa NPort W2150A-W4/W2250A-W4 Web Interface

IdentifiersCVE-2026-10829CWE-121· Stack-based Buffer Overflow

CVE-2026-10829 is a stack-based buffer overflow in the web service of Moxa NPort W2150A-W4 and W2250A-W4 Series devices running firmware version 1.5 and earlier. The flaw is caused by insufficient input validation of user-supplied data in the "Server location" parameter on the Basic settings page. By submitting crafted input to this parameter via the device web interface, an attacker can trigger memory corruption on the target system. Moxa indicates that successful exploitation may lead to remote code execution with root privileges.

Share:
For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial
ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation can corrupt process memory in the device web service and may allow authenticated remote code execution as root on the affected NPort device. Given the product role as a serial-to-Ethernet bridge commonly deployed in industrial and OT environments, compromise of the device could also provide an attacker with a foothold for further access into connected control or operational networks.

Mitigation

If you can’t patch tonight, do this now.

Until remediation is completed, restrict access to the device web interface to trusted administrators and management networks only, minimize or eliminate Internet exposure, and enforce network segmentation around affected serial device servers. Additional vendor-recommended measures include strengthening authentication, securing remote access paths, enabling logging and monitoring for anomalous activity, and conducting regular security assessments.

Remediation

Patch, then assume compromise.

Apply Moxa's fixed firmware for the affected W4 series. The provided remediation is to upgrade NPort W2150A-W4/W2250A-W4 Series devices from firmware 1.5 or earlier to firmware version 1.5.1 or later. Moxa states the patch is available through Moxa Technical Support. For older phased-out NPort W2150A/W2250A models, Moxa advises replacing them with supported hardware running patched firmware.
PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType
MoxaNport W2150A W2250A Seriesapplication
MoxaNport W2150A-W4 W2250A-W4 Serieshardware

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

8 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

8 SOURCESView more in app
security online infoNews
Jun 18, 2026
Moxa NPort Vulnerability: RCE Flaw Hits Serial Servers

A stack-based buffer overflow in the web service of Moxa NPort serial device servers that can allow authenticated remote code execution with root privileges.

Read more
malware newsNews
Jun 17, 2026
[Control Systems] Moxa security advisory (AV26-610) - Malware News - Malware Analysis, News and Indicators

A stack-based buffer overflow vulnerability affecting Moxa serial device servers.

Read more
ca ccsNews
Jun 17, 2026
[Control Systems] Moxa security advisory (AV26-610) - Canadian Centre for Cyber Security

A stack-based buffer overflow vulnerability affecting Moxa serial device servers.

Read more
cvefeed high severityNews
Jun 16, 2026
CVE-2026-10829 - Moxa NPort Stack-Based Buffer Overflow Remote Code Execution

A stack-based buffer overflow in Moxa NPort W2150A-W4/W2250A-W4 Series version 1.5 and earlier that can lead to remote code execution with root privileges via crafted input to the web service's "Server location" parameter.

Read more
+1 more in the timeline
What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.
Start free trial
Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity3

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES
MITRE CVE
cve.org · CVE-2026-10829
NVD
nvd.nist.gov/vuln/detail/CVE-2026-10829
MITRE CWE · CWE-121
Stack-based Buffer Overflow
moxa.com
moxa.com/en/support/product-support/security-advisory/mpsa-261910-cve-2026-10828,-cve-2026-10829-use-of-externally-controlled-format-string-and-stack-based-buffer-overflow-v