Description
Delta Electronics AS320T has incorrect calculation of the buffer size on the stack in the GET/PUT request handler of the web service.
Published: 2026-04-24
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

Delta Electronics AS320T suffers from an incorrect buffer size calculation in the GET/PUT request handler of its web service, a classic stack-based buffer overflow flaw identified as CWE-131. The overflow can overwrite control data on the stack, permitting an attacker to inject and execute arbitrary code or crash the service, compromising the device’s confidentiality, integrity, and availability.

Affected Systems

The vulnerability affects DeltaWW AS320T units running firmware versions older than v1.16. No specific older versions are listed, so all firmware prior to v1.16 is considered at risk.

Risk and Exploitability

The CVSS score of 9.8 indicates a critical severity, yet the EPSS score of less than 1% suggests a very low current exploitation probability. The flaw is not listed in CISA’s KEV catalog, but the remote nature of the web service means an attacker can target the device from the network where the service is exposed. Successful exploitation could grant full control over the device or cause a denial of service.

Generated by OpenCVE AI on April 28, 2026 at 06:57 UTC.

Remediation

Vendor Solution

Upgrade firmware to v1.16 or later

OpenCVE Recommended Actions

  • Upgrade the device firmware to version v1.16 or later as distributed by DeltaWW.
  • If an upgrade cannot be performed immediately, restrict or disable external access to the device’s web service through firewalls or access‑control lists.
  • Monitor system logs for anomalous activity such as unusual GET/PUT requests that could indicate exploitation attempts.

Generated by OpenCVE AI on April 28, 2026 at 06:57 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 11 May 2026 17:45:00 +0000

Type Values Removed Values Added
First Time appeared Deltaww as320t Firmware
CPEs cpe:2.3:h:deltaww:as320t:-:*:*:*:*:*:*:*
cpe:2.3:o:deltaww:as320t_firmware:*:*:*:*:*:*:*:*
Vendors & Products Deltaww as320t Firmware

Fri, 24 Apr 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 24 Apr 2026 06:00:00 +0000

Type Values Removed Values Added
Description Delta Electronics AS320T has incorrect calculation of the buffer size on the stack in the GET/PUT request handler of the web service.
Title Incorrect calculation of buffer size on the stack in AS320T
First Time appeared Deltaww
Deltaww as320t
Weaknesses CWE-131
CPEs cpe:2.3:a:deltaww:as320t:*:*:*:*:*:*:*:*
Vendors & Products Deltaww
Deltaww as320t
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Deltaww As320t As320t Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: Deltaww

Published:

Updated: 2026-04-24T15:27:12.043Z

Reserved: 2026-02-05T05:42:58.810Z

Link: CVE-2026-1949

cve-icon Vulnrichment

Updated: 2026-04-24T15:27:03.572Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-24T06:16:03.883

Modified: 2026-05-11T17:42:32.820

Link: CVE-2026-1949

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T07:00:09Z

Weaknesses