THE Cybersecurity and Infrastructure Security Agency (CISA) has issued a maximum-severity CVSS 10.0 alert for the Synectix LAN 232 TRIO, a legacy serial-to-ethernet adapter, with the vulnerability tracked as CVE-2026-1633. The advisory notes the device completely fails to secure its administrative interface, exposing its web management interface without requiring authentication, which means unauthenticated users can modify critical device settings or factory reset the device.
Because there is no authentication barrier, an attacker does not need to steal credentials or exploit complex code; they simply need to navigate to the device’s IP address to take full control, according to CISA. The impact described is total system compromise, and successful exploitation could allow an unauthenticated attacker to modify settings or factory reset the device, potentially causing downtime or loss of visibility into critical processes in industrial environments.
With Synectix having ceased operations, the vendor states that the affected products should be considered end-of-life and firmware fixes, mitigations and updates will be unavailable, leaving no patch available. Organisations are urged to identify these devices and replace them with supported alternatives immediately, as physical removal is the only safe course of action.