{"document":{"category":"csaf_vex","csaf_version":"2.0","title":"CVE-2026-10829: A stack-based buffer overflow vulnerability has been found in the NPort W2150A-W4/W2250A-W4 Series version 1","publisher":{"category":"vendor","name":"HarborGuard Database","namespace":"https://database.harborguard.co"},"tracking":{"id":"CVE-2026-10829","status":"final","version":"1","initial_release_date":"2026-06-16T10:18:41.681Z","current_release_date":"2026-06-16T12:16:54.768Z","revision_history":[{"date":"2026-06-16T10:18:41.681Z","number":"1","summary":"Initial machine-readable export from HarborGuard."}]},"distribution":{"tlp":{"label":"WHITE"},"text":"Public CVE data; freely redistributable."},"notes":[{"category":"description","text":"A stack-based buffer overflow vulnerability has been found in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and earlier. This vulnerability stems from insufficient input validation of user-supplied input in the \"Server location\" parameter on the Basic settings page. An attacker could exploit this vulnerability by sending crafted input to the web service, resulting in memory corruption. Successful exploitation of this vulnerability could allow remote code execution on the target system with root privileges.","title":"CVE description"}],"references":[{"category":"self","summary":"CVE-2026-10829 on HarborGuard Database","url":"https://database.harborguard.co/cve/CVE-2026-10829"},{"category":"external","summary":"CVE Record","url":"https://www.cve.org/CVERecord?id=CVE-2026-10829"},{"category":"external","summary":"moxa.com","url":"https://www.moxa.com/en/support/product-support/security-advisory/mpsa-261910-cve-2026-10828,-cve-2026-10829-use-of-externally-controlled-format-string-and-stack-based-buffer-overflow-v"}]},"product_tree":{"branches":[{"category":"vendor","name":"Moxa","branches":[{"category":"product_name","name":"NPort W2150A-W4/W2250A-W4 Series","branches":[{"category":"product_version_range","name":">=1.0 <=1.5","product":{"name":"Moxa NPort W2150A-W4/W2250A-W4 Series >=1.0 <=1.5","product_id":"CSAFPID-1","product_identification_helper":{"cpe":"cpe:2.3:a:moxa:nport_w2150a-w4\\/w2250a-w4_series:*:*:*:*:*:*:*:*"}}}]}]},{"category":"vendor","name":"Moxa","branches":[{"category":"product_name","name":"NPort W2150A/W2250A Series","branches":[{"category":"product_version_range","name":">=1.0 <=2.3","product":{"name":"Moxa NPort W2150A/W2250A Series >=1.0 <=2.3","product_id":"CSAFPID-2","product_identification_helper":{"cpe":"cpe:2.3:a:moxa:nport_w2150a\\/w2250a_series:*:*:*:*:*:*:*:*"}}}]}]}]},"vulnerabilities":[{"cve":"CVE-2026-10829","title":"A stack-based buffer overflow vulnerability has been found in the NPort W2150A-W4/W2250A-W4 Series version 1","notes":[{"category":"description","text":"A stack-based buffer overflow vulnerability has been found in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and earlier. This vulnerability stems from insufficient input validation of user-supplied input in the \"Server location\" parameter on the Basic settings page. An attacker could exploit this vulnerability by sending crafted input to the web service, resulting in memory corruption. Successful exploitation of this vulnerability could allow remote code execution on the target system with root privileges.","title":"CVE description"}],"product_status":{"known_affected":["CSAFPID-1","CSAFPID-2"]},"scores":[{"cvss_v4":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N","baseScore":8.6,"baseSeverity":"HIGH"},"products":["CSAFPID-1","CSAFPID-2"]}],"remediations":[{"category":"none_available","details":"No fixed version is published yet. Monitor the upstream advisory.","product_ids":["CSAFPID-1","CSAFPID-2"]}]}]}