CRITICAL🇵🇱 Wersja polska

CVE-2026-1951

CVSS 9.8v3.1pub. 2026-04-24upd. 2026-05-11

Delta Electronics AS320T has no checking of the length of the buffer with the directory name vulnerability.

🤖 AI Analysis
How it works

The vulnerability consists of the lack of input data length validation passed as a directory name to a function that copies data to a stack buffer. An attacker can provide a deliberately crafted, excessively long directory name, causing a stack-based buffer overflow. Stack overflow can enable overwriting the return address or other critical control structures of the program, leading to code execution control takeover.

Impact

An unauthenticated remote attacker can gain full control over the device — including executing arbitrary code (RCE), compromising data confidentiality and integrity, and causing system unavailability.

Mitigation & patch

Patches available from the manufacturer should be applied according to the references — Delta Electronics security bulletin Delta-PCSA-2026-00006 available in the manufacturer's file center

Who is affected

Delta Electronics AS320T — specific firmware versions indicated in the manufacturer's references (bulletin Delta-PCSA-2026-00006)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Deltaww As320t

    HW
    Deltaww
    wszystkie wersje
  • Deltaww As320t Firmware

    OS
    Deltaww
    < 1.12
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-1949CRITICAL9.8PL ✓ten sam produkt

Delta Electronics AS320T — błędna kalkulacja rozmiaru bufora w handlerze GET/PUT

CVE-2026-1950CRITICAL9.8PL ✓ten sam produkt

Delta Electronics AS320T — przepełnienie bufora stosu przez nazwę pliku

CVE-2026-1952CRITICAL9.8PL ✓ten sam produkt

Delta Electronics AS320T — DoS przez nieudokumentowaną subfunkcję

CVE-2026-3630CRITICAL9.8PL ✓ten sam vendor

Stack-based Buffer Overflow w Delta Electronics COMMGR2

CVE-2025-62581CRITICAL9.8PL ✓ten sam vendor

Delta Electronics DIAView — krytyczne podatności (CVE-2025-62581)