CVE-2026-2754: CWE-306 Missing Authentication for Critical Function in Navtor NavBox
Navtor NavBox exposes sensitive configuration and operational data due to missing authentication on HTTP API endpoints. An unauthenticated remote attacker with network access to the device can execute HTTP GET requests to TCP port 8080 to retrieve internal network parameters including ECDIS & OT Information, device identifiers, and service status logs.
AI Analysis
Technical Summary
CVE-2026-2754 identifies a critical security vulnerability in Navtor NavBox version 4.12.0.3, a maritime navigation and operational technology device. The root cause is the absence of authentication mechanisms on certain HTTP API endpoints exposed on TCP port 8080. These endpoints allow unauthenticated remote attackers who have network access to the device to perform HTTP GET requests and retrieve sensitive configuration and operational data. The exposed data includes Electronic Chart Display and Information System (ECDIS) details, operational technology (OT) information, device identifiers, and service status logs. This vulnerability is classified under CWE-306 (Missing Authentication for Critical Function), indicating a failure to enforce access control on critical functions. The vulnerability does not require user interaction or privileges, making it remotely exploitable over the network. Although no public exploits have been reported, the potential for information disclosure is significant, as attackers can gather intelligence that may facilitate further attacks or compromise maritime operations. The CVSS v3.1 score of 7.5 reflects the high confidentiality impact, network attack vector, low attack complexity, and no required privileges or user interaction. The vulnerability affects a specific version of NavBox (4.12.0.3), and no patches are currently listed, emphasizing the need for mitigation through compensating controls or vendor updates. Given the critical role of NavBox in maritime navigation and fleet management, this vulnerability poses a substantial risk to maritime organizations and their operational security.
Potential Impact
The primary impact of CVE-2026-2754 is the unauthorized disclosure of sensitive maritime navigation and operational data. Exposure of ECDIS and OT information can reveal vessel routing, navigation status, and operational parameters, which adversaries could use for reconnaissance or to plan targeted attacks such as GPS spoofing, route manipulation, or operational disruption. Disclosure of device identifiers and service logs can aid attackers in fingerprinting devices and understanding system configurations, potentially facilitating further exploitation or lateral movement within maritime networks. While the vulnerability does not directly affect data integrity or system availability, the confidentiality breach alone can have severe consequences for maritime safety, operational secrecy, and compliance with maritime security regulations. Organizations relying on NavBox for navigation and operational control may face increased risks of cyber espionage, targeted attacks, or operational disruptions. The vulnerability's ease of exploitation without authentication and user interaction increases the likelihood of exploitation if network access is obtained. This risk is amplified in environments where NavBox devices are exposed to less secure networks or insufficiently segmented maritime IT infrastructures.
Mitigation Recommendations
1. Network Segmentation: Isolate Navtor NavBox devices on dedicated, secured network segments with strict access controls to limit exposure to trusted personnel and systems only.
2. Firewall Rules: Implement firewall rules to restrict inbound traffic to TCP port 8080, allowing only authorized management stations or IP addresses to communicate with NavBox devices.
3. VPN or Secure Tunnels: Require all remote access to NavBox devices to occur over encrypted VPNs or secure tunnels that enforce authentication and authorization.
4. Vendor Coordination: Engage with Navtor to obtain patches or firmware updates addressing the missing authentication issue as soon as they become available.
5. Monitoring and Logging: Enable detailed logging and monitor network traffic to detect unauthorized access attempts to port 8080 or unusual API requests.
6. Device Hardening: Disable or restrict unused services and APIs on NavBox devices where possible to reduce the attack surface.
7. Incident Response Planning: Prepare response plans for potential data disclosure incidents involving NavBox devices, including forensic analysis and containment procedures.
8. Regular Audits: Conduct periodic security assessments and penetration tests focusing on maritime operational technology to identify and remediate similar vulnerabilities proactively.
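The firewall and monitoring recommendations above can be checked against flow logs. The following is an added example, not part of the advisory or any Navtor tooling: it flags TCP 8080 connections to a NavBox from sources outside a management allowlist, separating flows the firewall accepted (a rule gap, since the API itself does not authenticate) from flows it dropped. The device address, allowlist subnet and log layout are assumptions.

```python
import ipaddress
from collections import Counter

# Assumptions (not from the advisory): NavBox address, allowlisted management
# subnet, and the flow-log layout "timestamp src dst dport proto action".
NAVBOX_HOSTS = {ipaddress.ip_address("10.20.0.5")}
ALLOWED_SOURCES = [ipaddress.ip_network("10.20.0.0/28")]
NAVBOX_API_PORT = 8080  # TCP port named in the advisory

# Constructed sample flow records, including one malformed line.
SAMPLE_FLOWS = """\
2026-03-06T10:00:01Z 10.20.0.3 10.20.0.5 8080 tcp ACCEPT
2026-03-06T10:00:07Z 10.30.4.17 10.20.0.5 8080 tcp ACCEPT
2026-03-06T10:00:09Z 10.30.4.17 10.20.0.5 8080 tcp ACCEPT
2026-03-06T10:01:12Z 192.0.2.44 10.20.0.5 8080 tcp DROP
2026-03-06T10:01:30Z 10.30.4.17 10.20.0.5 443 tcp ACCEPT
malformed line here
2026-03-06T10:02:00Z 10.30.4.17 10.20.0.9 8080 tcp ACCEPT
"""

def parse_flow(line):
    """Return (src, dst, dport, proto, action) or None for unparseable lines."""
    parts = line.split()
    if len(parts) != 6:
        return None
    _, src, dst, dport, proto, action = parts
    try:
        return (ipaddress.ip_address(src), ipaddress.ip_address(dst),
                int(dport), proto.lower(), action.upper())
    except ValueError:
        return None

def find_unauthorized(flows_text):
    """Count non-allowlisted sources reaching NavBox:8080, split by firewall action."""
    accepted, blocked = Counter(), Counter()
    for line in flows_text.splitlines():
        rec = parse_flow(line)
        if rec is None:
            continue
        src, dst, dport, proto, action = rec
        if dst not in NAVBOX_HOSTS or dport != NAVBOX_API_PORT or proto != "tcp":
            continue
        if any(src in net for net in ALLOWED_SOURCES):
            continue  # authorized management station
        (accepted if action == "ACCEPT" else blocked)[str(src)] += 1
    return dict(accepted), dict(blocked)

if __name__ == "__main__":
    accepted, blocked = find_unauthorized(SAMPLE_FLOWS)
    print("reached the device (firewall rule gap):", accepted)
    print("stopped at the firewall:", blocked)
```

Any source in the accepted set reached an endpoint that returns data without credentials, so each such flow should be treated as a possible disclosure rather than only an attempt.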
Affected Countries
Norway, Denmark, Netherlands, Singapore, South Korea, Japan, United States, United Kingdom, Germany, China, United Arab Emirates
Technical Details
- Data Version: 5.2
- Assigner Short Name: MHV
- Date Reserved: 2026-02-19T14:48:29.327Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 69aaefb7c48b3f10ff9de731
Added to database: 3/6/2026, 3:16:07 PM
Last enriched: 3/6/2026, 3:30:25 PM
Last updated: 3/6/2026, 8:38:58 PM