CRITICAL🇵🇱 Wersja polska

CVE-2026-1950

CVSS 9.8v3.1pub. 2026-04-24upd. 2026-05-11

Delta Electronics AS320T has No checking of the length of the buffer with the file name vulnerability.

🤖 AI Analysis
How it works

The attacker sends a crafted filename of excessive length to the AS320T device. The application does not verify whether the data fits within the designated stack buffer, causing a stack buffer overflow. Overwriting stack memory areas can enable taking control of program execution flow and running arbitrary code.

Impact

An attacker can remotely execute arbitrary code on the device without requiring authentication credentials, which may lead to complete system takeover and loss of confidentiality, integrity, and availability of data.

Mitigation & patch

Security patches available from the manufacturer should be applied in accordance with references — Delta Electronics security bulletin PCSA-2026-00006 available at the address indicated in the CVE references section

Who is affected

Delta Electronics AS320T — specific firmware versions indicated in manufacturer references (Delta-PCSA-2026-00006 bulletin)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Deltaww As320t

    HW
    Deltaww
    wszystkie wersje
  • Deltaww As320t Firmware

    OS
    Deltaww
    < 1.16
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-1949CRITICAL9.8PL ✓ten sam produkt

Delta Electronics AS320T — błędna kalkulacja rozmiaru bufora w handlerze GET/PUT

CVE-2026-1951CRITICAL9.8PL ✓ten sam produkt

Delta Electronics AS320T — przepełnienie bufora przez nazwę katalogu (stack-based buffer overflow)

CVE-2026-1952CRITICAL9.8PL ✓ten sam produkt

Delta Electronics AS320T — DoS przez nieudokumentowaną subfunkcję

CVE-2026-3630CRITICAL9.8PL ✓ten sam vendor

Stack-based Buffer Overflow w Delta Electronics COMMGR2

CVE-2025-62581CRITICAL9.8PL ✓ten sam vendor

Delta Electronics DIAView — krytyczne podatności (CVE-2025-62581)