CVE-2026-1633 PUBLISHED

The Synectix LAN 232 TRIO 3-Port serial to ethernet adapter exposes its web management interface without requiring authentication, allowing unauthenticated users to modify critical device settings or factory reset the device.

The affected products should be considered end-of-life, as Synectix is no longer in business and therefore firmware fixes, mitigations and updates will be unavailable.

• Souvik Kandar of MicroSec reported this vulnerability to CISA finder

• https://www.cisa.gov/news-events/ics-advisories/icsa-26-034-04
• https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-034-04.json

• CWE-306 Missing Authentication for Critical Function CWE