Delta Electronics AS320T has incorrect calculation of the buffer size on the stack in the GET/PUT request handler of the web service.
The GET/PUT request handler in the built-in web service of AS320T incorrectly calculates the size of the buffer allocated on the stack (CWE-131 — Incorrect Calculation of Buffer Size). Sending an appropriately crafted HTTP request can cause a stack buffer overflow, allowing an attacker to overwrite critical program control structures. The attack vector is network-based, requires no authentication or user interaction.
An attacker can remotely take control of the device, potentially gaining the ability to execute arbitrary code (RCE), compromise confidentiality and integrity of data, and cause service unavailability.
Apply patches available from the manufacturer according to references — bulletin Delta-PCSA-2026-00006 available in Delta File Center. Until updates are applied, it is recommended to restrict network access to the device's web interface using firewall or network segmentation.
Delta Electronics AS320T — versions indicated in manufacturer references (bulletin Delta-PCSA-2026-00006)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HDeltaww As320t
HWDeltawwwszystkie wersjeDeltaww As320t Firmware
OSDeltaww< 1.16
Related vulnerabilities
Delta Electronics AS320T — przepełnienie bufora stosu przez nazwę pliku
Delta Electronics AS320T — przepełnienie bufora przez nazwę katalogu (stack-based buffer overflow)
Delta Electronics AS320T — DoS przez nieudokumentowaną subfunkcję
Stack-based Buffer Overflow w Delta Electronics COMMGR2
Delta Electronics DIAView — krytyczne podatności (CVE-2025-62581)