CVE-2026-2754 in NavBox
Summary
by MITRE • 03/06/2026
Navtor NavBox exposes sensitive configuration and operational data due to missing authentication on HTTP API endpoints. An unauthenticated remote attacker with network access to the device can execute HTTP GET requests to TCP port 8080 to retrieve internal network parameters including ECDIS & OT Information, device identifiers, and service status logs.
Analysis
by VulDB Data Team • 03/12/2026
The vulnerability described in CVE-2026-2754 represents a critical security flaw in Navtor NavBox systems that exposes sensitive operational data through improperly configured HTTP API endpoints. This issue affects maritime navigation equipment where the device operates on TCP port 8080 and provides HTTP GET request capabilities without proper authentication mechanisms. The exposed data includes critical information such as ECDIS (Electronic Chart Display and Information System) parameters, OT (Operational Technology) information, device identifiers, and service status logs that are typically restricted to authorized personnel only. The vulnerability stems from a fundamental misconfiguration where the system fails to implement proper access controls, allowing any remote attacker with network connectivity to the device to retrieve potentially sensitive information.
This security weakness directly corresponds to CWE-306, which addresses missing authentication mechanisms, and aligns with ATT&CK technique T1046, representing network service scanning and information gathering activities. The vulnerability creates an attack surface that enables adversaries to perform reconnaissance and gather intelligence about the operational environment without requiring credentials or authorization. The exposed ECDIS information could reveal critical navigation parameters and system configurations that might be leveraged to plan more sophisticated attacks against the maritime navigation infrastructure. Device identifiers and service status logs provide additional context about the system's operational state and configuration, which could be used to identify potential targets or exploit system weaknesses.
The operational impact of this vulnerability extends beyond simple information disclosure, as it fundamentally compromises the security posture of maritime navigation systems. Attackers can use the retrieved information to understand the internal network topology, identify running services, and potentially discover other vulnerable components within the operational technology environment. The exposure of OT information specifically indicates that this vulnerability affects industrial control systems that are critical for maritime navigation and safety operations. This type of information leakage could enable adversaries to conduct targeted attacks against the navigation infrastructure, potentially leading to navigation errors, system disruptions, or even safety hazards in maritime operations. The lack of authentication on these endpoints creates a persistent risk that remains active until proper security controls are implemented.
Organizations should implement immediate mitigations including mandatory authentication for all HTTP API endpoints on port 8080, network segmentation to restrict access to these services, and regular security audits of operational technology systems. The recommended approach involves deploying authentication mechanisms such as basic authentication, API keys, or more robust authentication protocols to ensure that only authorized personnel can access sensitive operational data. Network access controls should be implemented to limit access to these endpoints to trusted networks or specific IP addresses. Additionally, regular monitoring of these endpoints for unauthorized access attempts should be established, and system administrators should conduct periodic assessments to ensure that no new unauthorized access points have been introduced. The vulnerability highlights the importance of applying security controls to operational technology systems and demonstrates the need for comprehensive security frameworks that address both IT and OT environments.
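The monitoring and source-restriction steps recommended above can be checked against request logs. The following is an added example, not code from Navtor, MITRE or VulDB. It assumes a firewall or proxy in front of the NavBox that writes key=value lines; the log format, trusted subnets, addresses and paths are all constructed placeholders.

```python
import ipaddress
import re
from collections import defaultdict

# Assumptions, not from the advisory: the trusted subnets and the key=value
# log format of a firewall or proxy sitting in front of the NavBox.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/28", "10.20.9.7/32")]
NAVBOX_PORT = 8080  # port named in the advisory

LINE_RE = re.compile(
    r"^\S+ src=(?P<src>\S+) dst=\S+ dport=(?P<dport>\d+) "
    r"method=\S+ path=(?P<path>\S+) status=(?P<status>\d{3})$"
)

# Constructed sample lines; the paths are placeholders, not real endpoints.
SAMPLE_LOG = """\
2026-03-10T08:15:02Z src=10.20.0.5 dst=10.20.0.50 dport=8080 method=GET path=/placeholder/status status=200
2026-03-10T08:16:40Z src=192.168.77.23 dst=10.20.0.50 dport=8080 method=GET path=/placeholder/config status=200
2026-03-10T08:16:41Z src=192.168.77.23 dst=10.20.0.50 dport=8080 method=GET path=/placeholder/logs status=200
2026-03-10T08:17:05Z src=172.16.4.9 dst=10.20.0.50 dport=8080 method=GET path=/placeholder/config status=401
2026-03-10T08:17:30Z src=192.168.77.23 dst=10.20.0.50 dport=443 method=GET path=/ status=200
truncated line without fields
2026-03-10T08:18:00Z src=10.20.9.7 dst=10.20.0.50 dport=8080 method=GET path=/placeholder/status status=200
"""


def find_untrusted_access(log_text):
    """Return (findings, malformed). findings maps each source outside
    TRUSTED_NETS that reached the NavBox port to its served/refused counts
    and requested paths; malformed counts lines that could not be parsed."""
    findings = defaultdict(lambda: {"served": 0, "refused": 0, "paths": set()})
    malformed = 0
    for line in filter(None, map(str.strip, log_text.splitlines())):
        m = LINE_RE.match(line)
        try:
            src = ipaddress.ip_address(m["src"]) if m else None
        except ValueError:
            src = None
        if src is None:
            malformed += 1  # never silently drop lines a detector cannot read
            continue
        if int(m["dport"]) != NAVBOX_PORT or any(src in n for n in TRUSTED_NETS):
            continue
        entry = findings[str(src)]
        # A 2xx to an untrusted source means data left the device unauthenticated.
        entry["served" if m["status"].startswith("2") else "refused"] += 1
        entry["paths"].add(m["path"])
    return dict(findings), malformed
```

A non-zero "served" count for a source outside the trusted list shows that the port 8080 API is still answering without the access controls in place, while "refused" entries show attempts the controls stopped.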