Impact
A flaw in the DVP80ES300T firmware allows an attacker to supply an out-of-range index to an internal array, which can corrupt memory and destabilize the device. This improper validation of an array index (CWE-129) is a classic route to a buffer overrun and could lead to crashes or other unexpected behavior. The CVE description and high CVSS score indicate that the flaw is significant enough to disrupt normal operation, though no direct evidence of remote code execution is presented.
Affected Systems
DeltaWatt devices running the DVP80ES300T appliance are affected when the firmware version is lower than 1.10. The vendor lists the entire line of DVP80ES300T appliances as vulnerable, and the suggested fix is to update to firmware v1.10 or a later release.
Risk and Exploitability
With a CVSS score of 7.5, the vulnerability is considered high severity. No EPSS score is available, so the likelihood of exploitation is currently unknown, but it could still be significant in targeted environments. The vulnerability is not yet listed in the CISA KEV catalog, but the firmware's lack of proper bounds checking means a local or privileged attacker who can interact with the device could potentially trigger memory corruption. The recommended mitigation is a firmware upgrade; until then, limiting network exposure and disabling unnecessary services on affected devices can reduce risk.