CVE-2026-1633
Published 2026-02-04
Priority: P2 · 68 · critical · 10 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.55% (41.8th percentile)
The Synectix LAN 232 TRIO 3-Port serial to ethernet adapter exposes its web management interface without requiring authentication, allowing unauthenticated users to modify critical device settings or factory reset the device.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| synectix | lan_232_trio | — | — |
Detection & IOCs
- The Synectix LAN 232 TRIO web management interface is exposed without authentication: detect unauthenticated HTTP requests to the device's management interface from unexpected or external sources
- All firmware versions of Synectix LAN 232 TRIO are affected (vers:all/*): any observed device of this model should be treated as vulnerable regardless of firmware version
- Network-accessible (AV:N), no privileges required (PR:N), no user interaction (UI:N): monitor for unauthenticated HTTP configuration or reset requests to serial-to-ethernet adapter management interfaces on the network
- The vendor (Synectix) is no longer in business; no firmware fix, mitigation, or update will ever be available, so all deployed devices must be treated as permanently unpatched
- Every version of the LAN 232 TRIO is affected with no exceptions: there is no safe firmware version to target in detection scope filtering
- No known public exploitation has been reported to CISA at time of advisory publication, but the CVSS score is 10.0 CRITICAL with network-reachable, zero-interaction attack vector
CVSS provenance
- nvd · v3.1 · 10.0 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- nvd · v4.0 · 10.0 CRITICAL · CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
GHSA
GHSA-wr22-69c2-f45v · ghsa_unreviewed · 2026-02-04 · CVE-2026-1633 [CRITICAL] CWE-306
The Synectix LAN 232 TRIO 3-Port serial to ethernet adapter exposes its web management interface without requiring authentication, allowing unauthenticated users to modify critical device settings or factory reset the device.
CISA ICS
[CRITICAL] Synectix LAN 232 TRIO
cisa_ics · 2026-02-03 · CVSS 10.0
ICS Advisory
## Synectix LAN 232 TRIO
Release Date: February 03, 2026
Alert Code: ICSA-26-034-04
Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems
## Summary
Successful exploitation of this vulnerability could result in an unauthenticated attacker modifying critical device settings or factory resetting the device.
The following versions of Synectix LAN 232 TRIO are affected:
- LAN 232 TRIO vers:all/* (CVE-2026-1633)
| CVSS | Vendor | Equipment | Vulnerabilities |
|---|---|---|---|
| v3 10 | Synectix | Synectix LAN 232 TRIO | Missing Authentication for Critical Function |
## Background
- Critical Infrastructure Sectors: Critical Manufacturing, Emergency Services, Energy, Information Technology, Transportation Systems, Water and Wastewater
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2026-02-04