CVE-2026-10829 | A stack-based buffer overflow vulnerability has been found i… | CVSS 8.6 HIGH

Description

A stack-based buffer overflow vulnerability has been found in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and earlier. This vulnerability stems from insufficient input validation of user-supplied input in the "Server location" parameter on the Basic settings page. An attacker could exploit this vulnerability by sending crafted input to the web service, resulting in memory corruption. Successful exploitation of this vulnerability could allow remote code execution on the target system with root privileges.

Metadata

CVE ID: CVE-2026-10829
State: PUBLISHED
Assigner: Moxa
Reserved: 2026-06-04 09:42 UTC
Published: 2026-06-16 10:18 UTC
Last updated: 2026-06-16 12:16 UTC
Primary CWE: CWE-121
CWE-121: Stack-based Buffer Overflow
Vendor / Product: Moxa / NPort W2150A-W4/W2250A-W4 Series
Sources: cve.org · NVD

Severity & Metrics

8.6 HIGH CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

SSVC — CISA Coordinator

Exploitation: none
Automatable: no
Tech. Impact: total

Affected products (2)

Vendor	Product	Platform	Versions
Moxa	NPort W2150A-W4/W2250A-W4 Series	—	1.0 ≤ 1.5
Moxa	NPort W2150A/W2250A Series	—	1.0 ≤ 2.3

Weakness (CWE)

CWE	Source	Description
CWE-121	cna	CWE-121: Stack-based Buffer Overflow

CVSS scores (1)

Score	Severity	Version	Source	Vector
8.6	HIGH	4.0	cna	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

References (1)

https://www.moxa.com/en/support/product-support/security-advisory/mpsa-261910-cve-2026-10828,-cve-2026-10829-use-of-externally-controlled-format-string-and-stack-based-buffer-overflow-v