CVE-2016-9367 in NPort
Summary
by MITRE
An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. The amount of resources requested by a malicious actor is not restricted, leading to a denial-of-service caused by resource exhaustion.
Analysis
by VulDB Data Team • 06/03/2026
The vulnerability identified as CVE-2016-9367 represents a critical resource exhaustion flaw affecting multiple Moxa NPort series industrial network devices. This issue impacts a wide range of serial-to-ethernet gateway models including the NPort 5110, 5130/5150, 5200, 5400, 5600, 5100A, 5200A, 5150AI-M12, 5250AI-M12, 5450AI-M12, 5600-8-DT, 5600-8-DTL, 6x50, and IA5450A series. The vulnerability stems from insufficient input validation and resource management within the device's network processing capabilities, allowing malicious actors to exploit the system through crafted resource requests that are not properly bounded or restricted.
This particular weakness manifests as a denial-of-service condition where an attacker can systematically consume available system resources such as memory, processing power, or network bandwidth through excessive or malformed requests. The vulnerability operates at the application layer and can be exploited remotely, making it particularly dangerous in industrial control environments where network availability is critical for operational continuity. Because the device has no resource-limiting mechanism, an attacker can keep submitting requests until its resources are exhausted, with no throttling or rate limiting to stop them.
The operational impact of this vulnerability extends beyond simple service disruption to potentially compromise industrial automation and control systems that rely on these network gateways for communication between field devices and control networks. When these devices become unresponsive due to resource exhaustion, it can lead to complete loss of communication between sensors, actuators, and control systems, resulting in production downtime, safety hazards, and operational failures. The vulnerability affects devices across multiple generations and series, indicating a systemic design flaw rather than an isolated incident.
According to CWE classification, this vulnerability maps to CWE-400, which describes "Uncontrolled Resource Consumption" or "Resource Exhaustion" conditions in software systems. The attack pattern aligns with techniques documented in the MITRE ATT&CK framework under the "Resource Exhaustion" tactic, where adversaries consume system resources to deny service to legitimate users or applications. Exploitation requires minimal technical expertise and can be automated, which makes the flaw particularly dangerous in environments where network monitoring and intrusion detection systems are not configured to detect such resource exhaustion patterns.
Organizations should implement immediate mitigations including firmware updates to the latest available versions for all affected device series, network segmentation to limit access to these devices, and implementation of network access controls to restrict who can communicate with the affected systems. Additionally, deploying network monitoring solutions that can detect unusual resource consumption patterns and implementing rate limiting controls at network boundaries can help prevent exploitation of this vulnerability. Regular vulnerability assessments and penetration testing should be conducted to identify similar resource management issues in other industrial control systems throughout the organization's infrastructure.
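To support the firmware-update mitigation, the following Python script is an added example (not VulDB's or Moxa's code) that checks a device inventory against the fixed-in versions listed in the summary. The regular expressions that map a model string to a series, the function names and the sample inventory are assumptions made for this example.

```python
import re

# Fixed-in firmware per series, taken from the advisory summary on this page.
# The regexes mapping a model string to a series are assumptions made for this
# example; order matters (most specific first). Unmatched models are 'unknown'.
FIXED_IN = [
    (r"IA5450A.*",            "IA5450A",     "1.4"),
    (r"P5150A",               "P5150A",      "1.3"),
    (r"5[124]50AI-M12.*",     "5x50AI-M12",  "1.2"),
    (r"56\d0-8-DTL(-\w+)*",   "5600-8-DTL",  "2.4"),
    (r"56\d0-8-DT(-\w+)*",    "5600-8-DT",   "2.4"),
    (r"51[135]0A(-\w+)*",     "5100A",       "1.3"),
    (r"52[135]0A(-\w+)*",     "5200A",       "1.3"),
    (r"5110(-\w+)*",          "5110",        "2.6"),
    (r"51[35]0(-\w+)*",       "5130/5150",   "3.6"),
    (r"52\d\dI?(-\w+)*",      "5200",        "2.8"),
    (r"54\d0I?(-\w+)*",       "5400",        "3.11"),
    (r"56\d0(-\w+)*",         "5600",        "3.7"),
    (r"6\d50(-\w+)*",         "6x50",        "1.13.11"),
]

def parse_version(text):
    """'v1.13.11' -> (1, 13, 11). Numeric tuples rank 3.11 above 3.7."""
    return tuple(int(p) for p in re.search(r"\d+(?:\.\d+)*", text).group().split("."))

def assess(model, firmware):
    """Return (series, status); status is 'affected', 'fixed' or 'unknown'."""
    name = re.sub(r"^NPORT\s*", "", model.strip().upper())
    for pattern, series, fixed in FIXED_IN:
        if re.fullmatch(pattern, name):
            have, need = parse_version(firmware), parse_version(fixed)
            width = max(len(have), len(need))
            have += (0,) * (width - len(have))   # pad so 2.6 == 2.6.0
            need += (0,) * (width - len(need))
            return series, "affected" if have < need else "fixed"
    return None, "unknown"

INVENTORY = [  # constructed sample data, not from the advisory
    ("NPort 5110", "2.5"), ("NPort 5450I", "3.7"), ("NPort 5150A", "1.3"),
    ("NPort 6450", "1.13.2"), ("NPort 5610-8-DTL", "2.4"), ("NPort W2150A", "1.0"),
]

if __name__ == "__main__":
    for model, fw in INVENTORY:
        print(f"{model:18} fw {fw:8} ->", *assess(model, fw))
```

Models reported as 'unknown' are not covered by the patterns and need a manual check against the vendor's advisory.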