Critical Authentication Bypass in End-of-Life Synectix LAN 232 TRIO Adapters
Take action: If you use these Synectix adapters, isolate them from the internet immediately because they have no password protection and will never be patched. Since the company is out of business, plan a replacement of the devices.
Learn More
CISA reports critical security flaw in the Synectix LAN 232 TRIO serial-to-ethernet adapters that allows for complete device takeover.
The flaw is tracked as CVE-2026-1633 (CVSS score 10.0) - missing authentication vulnerability in the web management interface that allows unauthenticated users to modify critical settings. The device exposes its configuration ports to the network without requiring any login credentials, enabling attackers to change network parameters or trigger a factory reset.
Because these adapters often bridge legacy serial machinery to modern IT networks, a compromise could impact the monitoring and control of power grids and manufacturing lines.
The vulnerability impacts all versions of the Synectix LAN 232 TRIO 3-Port serial to ethernet adapter. Synectix, the manufacturer, is no longer in business, which means these devices are officially end-of-life. No firmware updates, security mitigations, or official patches will be released, leaving the hardware permanently vulnerable to exploitation if exposed.
Since no patches are available, organizations must use strict network segmentation to protect remaining units. Administrators should remove the adapters from the public internet and place them behind firewalls that isolate them from business networks. If remote access is required, use a secure VPN and restrict access to trusted internal IP addresses only.
