PatchSiren

Moxa CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM Moxa CVE published 2017-02-13

CVE-2016-9371

CVE-2016-9371 is a cross-site scripting (XSS) issue in several Moxa NPort product families. According to the NVD record, user-controlled input was not neutralized before being output to a web page. The NVD source record shows the CVE as published on 2017-02-13 and later modified on 2026-05-13. The issue affects multiple NPort series, each with its own fixed-firmware threshold, and is rated CVSS 6.1/Medium.

CRITICAL Moxa CVE published 2017-02-13

CVE-2016-9369

CVE-2016-9369 describes a critical flaw in multiple Moxa NPort device families where firmware can be updated over the network without authentication, creating a path that may allow remote code execution. The NVD record rates the issue 9.8/CRITICAL and maps it to CWE-287. For defenders, the key concern is any reachable management or firmware-update interface on affected NPort deployments.

HIGH Moxa CVE published 2017-02-13

CVE-2016-9367

CVE-2016-9367 is a high-severity availability issue in multiple Moxa NPort firmware families. NVD describes a condition where a malicious actor can request unrestricted resources, leading to resource exhaustion and denial of service. The supplied NVD data rates the issue CVSS v3.0 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

CRITICAL Moxa CVE published 2017-02-13

CVE-2016-9366

CVE-2016-9366 is a critical authentication-bypass issue in multiple Moxa NPort firmware lines. The vulnerability allows a network attacker to use brute force to determine parameters needed to bypass authentication, and NVD rates the issue CVSS 9.8, with high confidentiality, integrity, and availability impact.

HIGH Moxa CVE published 2017-02-13

CVE-2016-9365

CVE-2016-9365 is a high-severity cross-site request forgery issue in multiple Moxa NPort firmware families. An attacker could induce an authenticated user to submit unintended requests to the device management interface, with potential impact on confidentiality, integrity, and availability.

HIGH Moxa CVE published 2017-02-13

CVE-2016-9363

CVE-2016-9363 is a network-reachable buffer overflow in multiple Moxa NPort firmware lines. The CVE description states that an unauthenticated attacker may be able to remotely execute arbitrary code. Because the attack vector is network-based and requires no privileges or user interaction, exposed devices should be treated as high priority for patching and exposure reduction.

CRITICAL Moxa CVE published 2017-02-13

CVE-2016-9361

CVE-2016-9361 is a critical Moxa NPort firmware authentication flaw that allows remote attackers to retry administration passwords without first authenticating. Because these devices are commonly used as network-facing serial device servers in industrial environments, the issue can lead to unauthorized administrative access across multiple product families and firmware releases.

HIGH Moxa CVE published 2017-02-13

CVE-2016-9356

CVE-2016-9356 affects Moxa DACenter version 1.4 and older and is described as an unquoted search path issue. NVD rates the issue 7.8 HIGH, with local attack requirements and high impacts to confidentiality, integrity, and availability. Systems running affected DACenter releases should be reviewed promptly, especially where local user access is possible.

MEDIUM Moxa CVE published 2017-02-13

CVE-2016-9354

CVE-2016-9354 is a medium-severity availability issue in Moxa DACenter 1.4 and older. According to the supplied NVD record, a specially crafted project file can trigger uncontrolled resource consumption, leading to an application crash. The record maps the issue to CWE-399 and rates it as a local attack that requires user interaction, with no confidentiality or integrity impact identified.

LOW Moxa CVE published 2017-02-13

CVE-2016-9348

CVE-2016-9348 is a plaintext credential exposure issue in multiple Moxa NPort serial device server firmware families. According to NVD, configuration files can contain password parameters in clear text, making local access to those files a confidentiality risk. Even with a low CVSS score, exposed configuration backups or device files should be treated as sensitive secrets and remediated promptly on affected firmware.

MEDIUM Moxa CVE published 2017-02-13

CVE-2016-9346

CVE-2016-9346 is an information-disclosure issue in Moxa MiiNePort firmware. According to NVD, affected devices are MiiNePort E1 firmware prior to 1.8, E2 prior to 1.4, and E3 prior to 1.1, where configuration data are stored in a file without encryption. The published CVSS v3.0 score is 5.3 (Medium), reflecting a confidentiality impact only.