Delta Electronics AS320T has No checking of the length of the buffer with the file name vulnerability.
The attacker sends a crafted filename of excessive length to the AS320T device. The application does not verify whether the data fits within the designated stack buffer, causing a stack buffer overflow. Overwriting stack memory areas can enable taking control of program execution flow and running arbitrary code.
An attacker can remotely execute arbitrary code on the device without requiring authentication credentials, which may lead to complete system takeover and loss of confidentiality, integrity, and availability of data.
Security patches available from the manufacturer should be applied in accordance with references — Delta Electronics security bulletin PCSA-2026-00006 available at the address indicated in the CVE references section
Delta Electronics AS320T — specific firmware versions indicated in manufacturer references (Delta-PCSA-2026-00006 bulletin)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HDeltaww As320t
HWDeltawwwszystkie wersjeDeltaww As320t Firmware
OSDeltaww< 1.16
Related vulnerabilities
Delta Electronics AS320T — błędna kalkulacja rozmiaru bufora w handlerze GET/PUT
Delta Electronics AS320T — przepełnienie bufora przez nazwę katalogu (stack-based buffer overflow)
Delta Electronics AS320T — DoS przez nieudokumentowaną subfunkcję
Stack-based Buffer Overflow w Delta Electronics COMMGR2
Delta Electronics DIAView — krytyczne podatności (CVE-2025-62581)