CRITICAL🇵🇱 Wersja polska

CVE-2026-1949

CVSS 9.8v3.1pub. 2026-04-24upd. 2026-05-11

Delta Electronics AS320T has incorrect calculation of the buffer size on the stack in the GET/PUT request handler of the web service.

🤖 AI Analysis
How it works

The GET/PUT request handler in the built-in web service of AS320T incorrectly calculates the size of the buffer allocated on the stack (CWE-131 — Incorrect Calculation of Buffer Size). Sending an appropriately crafted HTTP request can cause a stack buffer overflow, allowing an attacker to overwrite critical program control structures. The attack vector is network-based, requires no authentication or user interaction.

Impact

An attacker can remotely take control of the device, potentially gaining the ability to execute arbitrary code (RCE), compromise confidentiality and integrity of data, and cause service unavailability.

Mitigation & patch

Apply patches available from the manufacturer according to references — bulletin Delta-PCSA-2026-00006 available in Delta File Center. Until updates are applied, it is recommended to restrict network access to the device's web interface using firewall or network segmentation.

Who is affected

Delta Electronics AS320T — versions indicated in manufacturer references (bulletin Delta-PCSA-2026-00006)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Deltaww As320t

    HW
    Deltaww
    wszystkie wersje
  • Deltaww As320t Firmware

    OS
    Deltaww
    < 1.16
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-1950CRITICAL9.8PL ✓ten sam produkt

Delta Electronics AS320T — przepełnienie bufora stosu przez nazwę pliku

CVE-2026-1951CRITICAL9.8PL ✓ten sam produkt

Delta Electronics AS320T — przepełnienie bufora przez nazwę katalogu (stack-based buffer overflow)

CVE-2026-1952CRITICAL9.8PL ✓ten sam produkt

Delta Electronics AS320T — DoS przez nieudokumentowaną subfunkcję

CVE-2026-3630CRITICAL9.8PL ✓ten sam vendor

Stack-based Buffer Overflow w Delta Electronics COMMGR2

CVE-2025-62581CRITICAL9.8PL ✓ten sam vendor

Delta Electronics DIAView — krytyczne podatności (CVE-2025-62581)