Description
AS228T with Authentication Bypass Vulnerability
Published: 2026-07-01
Score: 7.4 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The AS228T firmware contains an authentication bypass flaw identified as CWE‑288. This weakness permits an adversary to circumvent the device’s authentication checks and gain unauthorized access. An attacker who successfully exploits the defect could potentially access privileged functions, configure the device, or use it as a pivot for further malicious activity. The impact is a direct loss of confidentiality and integrity for the managed system and could lead to unauthorized control of the affected asset.

Affected Systems

The vulnerability applies to DeltaWw AS228T devices. No explicit affected version range is provided; therefore, all firmware versions below 1.16 are presumed vulnerable until upgraded. The vendor has released a firmware update (v1.16 or later) that addresses the authentication bypass issue.

Risk and Exploitability

The CVSS score of 7.4 classifies the vulnerability as high severity. EPSS data is not available, and the flaw is not listed in the CISA KEV catalog. Based on the description it is inferred that an attacker could exploit the weakness remotely if the device’s authentication service is exposed, or locally via a network where management credentials are accessible. The absence of an EPSS value suggests the exploitation probability is not currently quantified, but the high CVSS score indicates that, if exploited, the consequences would be significant.

Generated by OpenCVE AI on July 1, 2026 at 08:38 UTC.

Remediation

Vendor Solution

Users are recommended to upgrade the firmware to v1.16 or later.


OpenCVE Recommended Actions

  • Upgrade the AS228T firmware to version 1.16 or later to eliminate the authentication bypass flaw.
  • Where possible, disable or restrict management interfaces that are not required for normal operation, reducing the attack surface.
  • Apply network segmentation or firewall rules to limit access to the AS228T from untrusted or external networks.

Generated by OpenCVE AI on July 1, 2026 at 08:38 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 06:45:00 +0000

Type Values Removed Values Added
Description AS228T with Authentication Bypass Vulnerability
Title AS228T - Authentication Bypass Vulnerability
Weaknesses CWE-288
References
Metrics cvssV3_1

{'score': 7.4, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H'}


Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Deltaww

Published:

Updated: 2026-07-01T05:22:38.951Z

Reserved: 2026-06-18T05:22:59.674Z

Link: CVE-2026-12579

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-01T08:45:15Z

Weaknesses
  • CWE-288

    Authentication Bypass Using an Alternate Path or Channel