Description
DVP80ES300T with Improper Validation of Array Index Vulnerability
Published: 2026-07-01
Score: 7.5 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in the DVP80ES300T firmware allows an attacker to supply an out‑of‑range index to an internal array, which can corrupt memory and destabilize the device. This improper validation of array index is a classic case of a buffer overrun (CWE-129) that could lead to crashes or potentially unexpected behavior. The CVE description and high CVSS score indicate that the flaw is significant enough to disrupt normal operation, though no direct evidence of remote code execution is presented.

Affected Systems

DeltaWatt devices running the DVP80ES300T appliance are affected when the firmware version is lower than 1.10. The vendor lists the entire line of DVP80ES300T appliances as vulnerable, and the suggested fix is to update to firmware v1.10 or a later release.

Risk and Exploitability

With a CVSS score of 7.5 the vulnerability is considered high severity, and the lack of an EPSS score means the likelihood of exploitation is currently unknown but could still be significant in targeted environments. The vulnerability is not yet listed in the CISA KEV catalog, but the firmware’s lack of proper bounds checking means an local or privileged attacker who can interact with the device could potentially trigger memory corruption. The recommended mitigation is a firmware upgrade; until then, limiting network exposure and disabling unnecessary services on affected devices can reduce risk.

Generated by OpenCVE AI on July 1, 2026 at 08:38 UTC.

Remediation

Vendor Solution

Users are recommended to upgrade the firmware to v1.10 or later.


OpenCVE Recommended Actions

  • Upgrade the DVP80ES300T firmware to v1.10 or later as recommended by DeltaWatt.
  • If immediate upgrade is not possible, restrict external access to the device and disable any interfaces that may trigger the vulnerable array usage.
  • Continuously monitor device logs for crashes or unexpected reboots that could indicate exploitation attempts.

Generated by OpenCVE AI on July 1, 2026 at 08:38 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 06:45:00 +0000

Type Values Removed Values Added
Description DVP80ES300T with Improper Validation of Array Index Vulnerability
Title DVP80ES300T - Improper Validation of Array Index Vulnerability
Weaknesses CWE-129
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Deltaww

Published:

Updated: 2026-07-01T05:30:54.717Z

Reserved: 2026-06-30T08:45:55.964Z

Link: CVE-2026-14193

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-01T08:45:15Z

Weaknesses
  • CWE-129

    Improper Validation of Array Index