← Back

Navtor

navtor

2 CVEs • 2 products

Products (2)

Click to collapse
Toggle
Navbox Firmware
navbox_firmware
2 CVEs
Navbox
navbox
0 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2026-2754
1Navtor
1Navbox Firmware
Jun 5, 2026
Mar 6, 2026
N/A· v4
7.5 HIGH· v3
N/A· v2
Navtor NavBox exposes sensitive configuration and operational data due to missing authentication on HTTP API endpoints. An unauthenticated remote attacker with network access to the device can execute HTTP GET requests t...Show more
Navtor NavBox exposes sensitive configuration and operational data due to missing authentication on HTTP API endpoints. An unauthenticated remote attacker with network access to the device can execute HTTP GET requests to TCP port 8080 to retrieve internal network parameters including ECDIS & OT Information, device identifiers, and service status logs.Show less
CVE-2026-2753
1Navtor
1Navbox Firmware
Jun 5, 2026
Mar 6, 2026
N/A· v4
7.5 HIGH· v3
N/A· v2
An Absolute Path Traversal vulnerability exists in Navtor NavBox. The application exposes an HTTP service that fails to properly sanitize user-supplied path input. Unauthenticated remote attackers can exploit this issue...Show more
An Absolute Path Traversal vulnerability exists in Navtor NavBox. The application exposes an HTTP service that fails to properly sanitize user-supplied path input. Unauthenticated remote attackers can exploit this issue by submitting requests containing absolute filesystem paths. Successful exploitation allows the attacker to retrieve arbitrary files from the underlying filesystem, limited only by the privileges of the service process. This can lead to the exposure of sensitive configuration files and system information.Show less