FixVibe
Coberto por FixVibecritical

Missing Authentication in Moxa NPort Series Devices (CVE-2016-9369)

Moxa NPort serial device servers before vendor fixed firmware releases are associated with CVE-2016-9369. FixVibe can flag strong HTTP model and firmware-version evidence as a version-based advisory during verified active scans without attempting firmware updates, unauthenticated administrative actions, or exploit confirmation.

CVE-2016-9369CWE-287CWE-306

Covered by FixVibe

FixVibe covers this research note as a version-based advisory during verified active scans. When a scan target is authorized for active testing, FixVibe can use strong public HTTP evidence that the target is a Moxa NPort serial device server and that the displayed firmware version falls inside the public advisory range for CVE-2016-9369 [S1][S2][S3].

This does not mean FixVibe proved unauthorized firmware update, configuration access, denial of service, or code execution. The finding is designed to separate observed product and firmware evidence from exploit confirmation.

Evidence FixVibe Uses

FixVibe looks for target-specific Moxa NPort model and firmware-version evidence on the scanned HTTP surface. Public sources list affected NPort 5000 and 6000 family firmware ranges, and NVD describes CVE-2016-9369 as unauthenticated network firmware update that may allow remote code execution [S1]. Moxa's MCSA-160401 advisory lists the affected NPort product series and firmware versions and directs operators to vendor firmware or support guidance [S2]. CISA's industrial advisory tracks the same NPort advisory family [S3].

What FixVibe Does Not Verify

FixVibe does not attempt firmware uploads or updates, send crafted packets, query SNMP broadly, test serial-device protocols, exercise unauthenticated administrative actions, crash-test the device, or claim exploit confirmation. Operators should validate the running model, firmware, and patch status directly from trusted device inventory or Moxa-supported tooling before closing the finding.

Why It Matters

NPort serial device servers often bridge operational equipment and IP networks. If an affected management surface is reachable from untrusted networks, unauthenticated firmware update and related advisory-family issues can create serious availability, integrity, and code-execution risk under the vulnerable conditions [S1][S2].

Remediation

Upgrade the affected NPort firmware to a vendor-supported fixed release or supported backport for the deployed model [S2]. Restrict management access to trusted industrial networks, VPN, or an authenticated management segment, review logs for unexpected management traffic, and disable unneeded management services where operationally safe. Do not validate remediation by attempting firmware upload, unauthenticated administrative actions, crash tests, or exploit payloads.

References

  • [S1] NVD CVE-2016-9369: https://nvd.nist.gov/vuln/detail/CVE-2016-9369
  • [S2] Moxa MCSA-160401: https://www.moxa.com/en/support/product-support/security-advisory/nport-5000-series-and-nport-6000-series-serial-device-server-vulnerabilities
  • [S3] CISA ICSA-16-336-02A: https://www.cisa.gov/news-events/ics-advisories/icsa-16-336-02a
Missing Authentication in Moxa NPort Series Devices (CVE-2016-9369) — FixVibe research · FixVibe