CVE-2026-2754

High CVSS: 7.5

Navtor NavBox exposes sensitive configuration and operational data due to missing authentication on HTTP API endpoints. An unauthenticated remote attacker with network access to the device can execute HTTP GET requests to TCP port 8080 to retrieve internal network parameters including ECDIS & OT Information, device identifiers, and service status logs.

Vendor

Product

CWE

CWE-306

Yayın Tarihi

2026-03-06 15:16:11

Güncelleme

2026-03-10 18:18:49

Source Identifier

56a186b1-7f5e-4314-ba38-38d5499fccfd

KEV Date Added

Kategoriler

CWE-306 HIGH 2026

Referanslar

https://cydome.io/vulnerability-advisory-cve-2026-2754-in-navtor-navbox-version-4-12-0-3 https://www.navtor.com/navtor-vendor-statement