CVE-2026-2754

Name of the Vulnerable Software and Affected Versions Navtor NavBox (affected versions not specified)

Description The software exposes sensitive configuration and operational data because of a lack of authentication on HTTP API endpoints. A remote attacker with network access can send HTTP GET requests to TCP port 8080 to obtain internal network parameters, including ECDIS and OT Information, device identifiers, and service status logs. The affected API endpoints lack authentication, allowing unauthorized access to sensitive data.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.