CVE-2026-2754

EPSS 0.51%
Veröffentlicht 06.03.2026 15:16:11
Zuletzt bearbeitet 05.06.2026 16:39:37
Quelle 56a186b1-7f5e-4314-ba38-38d549
CVE-Watchlists
Login
Unerledigt
Login

Navtor NavBox exposes sensitive configuration and operational data due to missing authentication on HTTP API endpoints. An unauthenticated remote attacker with network access to the device can execute HTTP GET requests to TCP port 8080 to retrieve internal network parameters including ECDIS & OT Information, device identifiers, and service status logs.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Navtor ≫ Navbox Firmware Version >= 4.12.0.3 < 4.16.2.4

Navtor ≫ Navbox Version-

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.51%	0.39

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
56a186b1-7f5e-4314-ba38-38d5499fccfd	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

https://cydome.io/vulnerability-advisory-cve-2026-2754-in-navtor-navbox-version-4-12-0-3

Third Party Advisory

https://www.navtor.com/navtor-vendor-statement

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-2754

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-2754

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-2754

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-2754