CVE Catalog

CVE-2026-10828

MediumCVSS 6.9
Published: Updated: Translated: NVD NIST

Summary

A format string vulnerability has been found in the 'alias' parameter of the Serial Param configuration page in NPort W2150A-W4/W2250A-W4 Series version 1.5 and prior. This issue arises from insufficient input validation and improper handling of externally supplied format strings.

Risk Assessment

An attacker could exploit this vulnerability to leak sensitive memory contents and determine critical memory addresses, potentially bypassing ASLR protections.

Recommendation

It is recommended to update the devices to the latest software version to eliminate this vulnerability and implement additional input validation security mechanisms.

Original NVD description (English source)

A format string vulnerability has been found in the "alias" parameter of the Serial Param configuration page in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and prior. This vulnerability stems from insufficient input validation and improper handling of externally supplied format strings. An attacker could exploit this vulnerability by sending crafted input to the web service, causing unintended memory disclosure. Successful exploitation may allow an attacker to leak sensitive memory contents and determine critical memory addresses, potentially bypassing Address Space Layout Randomization (ASLR) protections.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS