Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.5
Navtor NavBox exposes sensitive data to unauthorized access
CVE-2026-2754
Summary
Navtor NavBox allows anyone with network access to view sensitive information, such as configuration and operational details. This can be a concern for businesses that rely on the device, as it may compromise their security and potentially lead to unauthorized actions. To fix this, update the device to ensure proper authentication is in place for HTTP API endpoints.
Original title
Navtor NavBox exposes sensitive configuration and operational data due to missing authentication on HTTP API endpoints. An unauthenticated remote attacker with network access to the device can exec...
Original description
Navtor NavBox exposes sensitive configuration and operational data due to missing authentication on HTTP API endpoints. An unauthenticated remote attacker with network access to the device can execute HTTP GET requests to TCP port 8080 to retrieve internal network parameters including ECDIS & OT Information, device identifiers, and service status logs.
nvd CVSS3.1
7.5
Vulnerability type
CWE-306
Missing Authentication for Critical Function
Published: 6 Mar 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026