CVE-2016-9366 Moxa CVE debrief

Who should care

Organizations running Moxa NPort serial-to-Ethernet device servers, especially OT/ICS environments and any network team exposing these devices to untrusted or broadly reachable networks.

Technical summary

According to the NVD record, affected Moxa NPort firmware branches include multiple product series prior to their fixed versions. The core issue is that an attacker can freely brute force parameters needed to bypass authentication. NVD assigns CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H and lists CWE-264. Because the attack requires no privileges and no user interaction, exposure on reachable networks materially raises risk.

Defensive priority

Immediate

Recommended defensive actions

• Identify all Moxa NPort devices and verify exact series and firmware versions against the affected ranges in the NVD record.
• Upgrade to the first fixed firmware versions listed by the vendor/NVD for each affected NPort series.
• Restrict network access to management interfaces and place device servers behind trusted administrative networks or VPNs where possible.
• Monitor for unusual authentication activity, repeated login attempts, or configuration changes on exposed devices.
• If a device cannot be patched promptly, compensate with segmentation, ACLs, and strict administrative access controls until remediation is complete.

Evidence notes

CVE published by NVD on 2017-02-13T21:59:02.253Z and last modified on 2026-05-13T00:24:29.033Z. The supplied NVD data states that an attacker can freely use brute force to determine parameters needed to bypass authentication. NVD assigns CVSS 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and lists CWE-264. Affected versions span multiple Moxa NPort series, with fixed-version cutoffs recorded in the NVD CPE criteria. The KEV field in the supplied data is false.

Official resources