CVE-2016-9367 Moxa CVE debrief

Who should care

Operators and administrators responsible for Moxa NPort serial device servers, especially environments where the devices are reachable from broader operational networks or any untrusted network segment.

Technical summary

The vulnerability affects multiple Moxa NPort product families with firmware versions prior to vendor-fixed releases. According to the supplied description, the amount of resources requested by a malicious actor is not restricted, which can exhaust device resources and result in denial of service. NVD classifies the weakness as CWE-400 and lists a network-reachable, unauthenticated availability impact.

Defensive priority

High — remote unauthenticated availability impact on network-facing hardware warrants prompt firmware review, patching, and exposure reduction.

Recommended defensive actions

• Inventory all Moxa NPort devices and map each unit to the exact affected series and firmware version.
• Upgrade to the vendor-fixed firmware version for each affected product family as soon as operationally feasible.
• Restrict network exposure for management and device services using segmentation, ACLs, and VPN access where appropriate.
• Monitor for abnormal resource consumption, service interruption, or unexpected device resets that could indicate abuse.
• If patching cannot be completed immediately, isolate affected devices from untrusted networks until they can be updated.

Evidence notes

The supplied corpus shows the CVE published on 2017-02-13 and last modified on 2026-05-13. NVD lists CVSS v3.0 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H and CWE-400. NVD references both US-CERT/ICS-CERT advisory ICSA-16-336-02 and SecurityFocus BID 85965. No KEV entry is present in the supplied timeline.

Official resources