CVE-2017-16715 in NPort 5110
Summary
by MITRE
An Information Exposure issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150 Version 3.7 and prior. An attacker may be able to exploit a flaw in the handling of Ethernet frame padding that may allow for information exposure.
Analysis
by VulDB Data Team • 06/03/2026
CVE-2017-16715 is a critical information exposure flaw affecting Moxa NPort series industrial network devices, including the NPort 5110, 5130, and 5150 models, across multiple firmware versions. The issue stems from improper handling of Ethernet frame padding during network communication processing, which creates a significant security risk for industrial control systems and network infrastructure deployments. Affected firmware is versions 2.2, 2.4, 2.6, and 2.7 for the NPort 5110, version 3.7 and prior for the NPort 5130, and version 3.7 and prior for the NPort 5150, so the issue is a widespread concern across multiple device families within the Moxa industrial networking portfolio.
The technical flaw manifests in the Ethernet frame processing logic where the device fails to properly validate or sanitize frame padding bytes during network packet handling. This improper frame padding management creates a condition where sensitive information from memory locations adjacent to network buffers may be inadvertently exposed through network traffic. The vulnerability operates at the network protocol level, specifically targeting the data link layer where Ethernet frames are processed, allowing attackers to potentially extract confidential data through crafted network packets that exploit the padding handling mechanism. This type of information exposure vulnerability aligns with CWE-200, which describes improper information exposure, and represents a classic case of data leakage through protocol implementation flaws.
The operational impact of this vulnerability extends beyond simple information disclosure, particularly within industrial environments where these devices serve as critical network infrastructure components. Attackers exploiting this vulnerability could gain access to sensitive operational data, system configuration information, or even credentials stored in memory regions that become exposed through the padding handling flaw. The implications are particularly severe in industrial control systems where network devices like the Moxa NPort series act as gateways between operational technology networks and enterprise systems, potentially enabling attackers to map network topologies, identify device configurations, or extract system information that could facilitate further attacks. This vulnerability directly impacts the confidentiality and integrity of network communications within industrial environments and aligns with ATT&CK technique T1082 for system information discovery and T1567 for exfiltration of data.
Mitigation strategies for this vulnerability should focus on immediate firmware updates provided by Moxa to address the specific padding handling implementation flaw. Network administrators should implement network segmentation and access controls to limit exposure of affected devices to untrusted networks, while monitoring network traffic for unusual patterns that might indicate exploitation attempts. Additionally, implementing network intrusion detection systems with signatures targeting this specific vulnerability can help identify exploitation attempts. Organizations should also conduct comprehensive inventory assessments to identify all affected Moxa NPort devices across their network infrastructure and prioritize remediation efforts based on risk assessment. The vulnerability underscores the importance of secure coding practices in industrial network equipment and highlights the necessity of thorough security testing of network protocol implementations, particularly in devices operating in critical infrastructure environments where security failures can have cascading operational impacts.
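The traffic monitoring suggested above can start from the padding itself: a short frame is padded to the 60-byte Ethernet minimum, and padding that is not all zero is the observable symptom of the flaw described in the analysis. The following is an added example, not code from Moxa or VulDB; it assumes untagged frames captured without the FCS, and the function names and sample frames are constructed for illustration.

```python
import struct

ETH_HDR = 14      # dst MAC + src MAC + EtherType (untagged frames assumed)
ARP_LEN = 28      # ARP body for Ethernet/IPv4

def frame_padding(frame: bytes) -> bytes:
    """Return the bytes that follow the L3 payload (the Ethernet padding)."""
    if len(frame) < ETH_HDR:
        raise ValueError("truncated Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == 0x0800:                       # IPv4: use the total-length field
        if len(frame) < ETH_HDR + 20:
            raise ValueError("truncated IPv4 header")
        l3_len = struct.unpack("!H", frame[16:18])[0]
        if l3_len < 20:
            raise ValueError("invalid IPv4 total length")
    elif ethertype == 0x0806:                     # ARP: fixed-size body
        l3_len = ARP_LEN
    else:
        return b""                                # payload length unknown, skip
    end = ETH_HDR + l3_len
    if end > len(frame):
        raise ValueError("length field exceeds captured frame")
    return frame[end:]

def scan(frames):
    """Return (index, padding) for each frame whose padding is not all zero."""
    hits = []
    for i, frame in enumerate(frames):
        pad = frame_padding(frame)
        if any(pad):
            hits.append((i, pad))
    return hits

def sample_frame(padding: bytes) -> bytes:
    """Constructed 60-byte frame: Ethernet + IPv4 + 8-byte ICMP + padding."""
    eth = bytes.fromhex("020000000002" "020000000001") + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 1, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    return eth + ip + bytes(8) + padding

# Constructed captures: one zero-padded frame, one with stale buffer bytes.
CLEAN = sample_frame(bytes(18))
DIRTY = sample_frame(b"constructed-leak!!")

if __name__ == "__main__":
    for idx, pad in scan([CLEAN, DIRTY]):
        print(f"frame {idx}: non-zero padding {pad!r}")
```

Run the check on frames captured from another host or a mirror port, since frames captured on the sending host itself are often recorded before the padding is added.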