CVE-2016-9371 Moxa CVE debrief

Who should care

Organizations that use Moxa NPort devices for serial-to-Ethernet connectivity, especially teams that expose or manage the device web interface. This matters most where administrators rely on browser-based management from trusted workstations, because XSS can affect authenticated sessions and alter what the browser renders.

Technical summary

The vulnerability is categorized as CWE-79 (Improper Neutralization of Input During Web Page Generation). The NVD CVSS vector is CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, indicating a network-reachable issue with low attack complexity, no privileges required, and user interaction required. The impact is limited to confidentiality and integrity, with no availability impact scored. Affected firmware branches listed in the supplied record include NPort 5110 prior to 2.6, NPort 5130/5150 Series prior to 3.6, NPort 5200 Series prior to 2.8, NPort 5400 Series prior to 3.11, NPort 5600 Series prior to 3.7, NPort 5100A Series and NPort P5150A prior to 1.3, NPort 5200A Series prior to 1.3, NPort 5150AI-M12 Series prior to 1.2, NPort 5250AI-M12 Series prior to 1.2, NPort 5450AI-M12 Series prior to 1.2, NPort 5600-8-DT and 5600-8-DTL Series prior to 2.4, NPort 6x50 Series prior to 1.13.11, and NPort IA5450A prior to v1.4.

Defensive priority

Medium. The flaw does not indicate remote code execution or service disruption, but it can compromise administrative web sessions and trust in device management workflows. Prioritize if the device management interface is reachable from user workstations, shared admin networks, or any environment where browser-based access is used.

Recommended defensive actions

• Update each affected NPort family to the first fixed firmware version listed by the vendor/NVD record.
• Inventory all Moxa NPort devices and match exact model plus firmware version to the series-specific thresholds in the CVE record.
• Restrict access to the device web management interface to dedicated admin networks or VPN-only paths.
• Use least-privilege administrative accounts and avoid browsing untrusted content from the same workstation used for device administration.
• Review and harden any web inputs or pages associated with device management if you maintain customized interfaces or integrations.
• Monitor administrative browsers and device logs for signs of unexpected script execution, session anomalies, or unauthorized configuration changes.

Evidence notes

The description supplied with the CVE states that user-controlled input is not neutralized before being output to a web page, which directly supports an XSS classification. The NVD metadata maps the weakness to CWE-79 and assigns CVSS 6.1/Medium with AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. The NVD source record also includes references to the CVE record, NVD detail page, and ICS-CERT advisory ICSA-16-336-02. The supplied record shows publishedAt 2017-02-13T21:59:02.347Z and modifiedAt 2026-05-13T00:24:29.033Z; these are disclosure and metadata-update dates, not generation dates.

Official resources