Description
Delta Electronics AS320T has
No checking of the length of the buffer with the file name vulnerability.
Published: 2026-04-24
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Apply Patch
AI Analysis

Impact

Delta Electronics AS320T firmware contains a buffer overflow flaw caused by the lack of length checking when processing file names. The overflow can corrupt the stack, allowing an attacker to execute arbitrary code or raise privileges. The vulnerability is present in AS320T devices running firmware prior to version 1.16. No explicit version range is listed beyond the recommendation to upgrade. The CVSS score of 9.8 indicates a high severity, while the EPSS < 1% suggests that exploitation is currently rare or not widely observed. The flaw is not listed in the CISA KEV catalog. Based on the description, it is inferred that an attacker could trigger the overflow by sending a specially crafted file name to the device, potentially from a remote source if the device accepts user‑supplied files.

Affected Systems

The vulnerable devices are Delta Electronics AS320T network storage units. Firmware versions earlier than 1.16 lack the necessary length check for file names and are affected. Upgrade to firmware v1.16 or later resolves the issue.

Risk and Exploitability

The CVSS score of 9.8 indicates critical severity. The EPSS < 1% suggests a low likelihood of exploitation. The vulnerability is not referenced in the CISA KEV catalog. Attackers would need to deliver a malicious file name to the AS320T, possibly over a network interface that accepts file uploads, to trigger the buffer overflow and potentially gain arbitrary code execution with device privileges.

Generated by OpenCVE AI on April 28, 2026 at 14:24 UTC.

Remediation

Vendor Solution

Upgrade firmware to v1.16 or later

OpenCVE Recommended Actions

  • Upgrade the device firmware to version 1.16 or later as provided by Delta Electronics.
  • Restrict network access to the AS320T device so that only trusted hosts can submit file names, and monitor traffic for anomalous requests.
  • If a firmware upgrade is not immediately possible, place the device behind a firewall or network segment that limits exposure to potential attackers and subject it to rigorous logging and alerting for suspicious activity.

Generated by OpenCVE AI on April 28, 2026 at 14:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 11 May 2026 17:45:00 +0000

Type Values Removed Values Added
First Time appeared Deltaww as320t Firmware
CPEs cpe:2.3:h:deltaww:as320t:-:*:*:*:*:*:*:*
cpe:2.3:o:deltaww:as320t_firmware:*:*:*:*:*:*:*:*
Vendors & Products Deltaww as320t Firmware

Fri, 24 Apr 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 24 Apr 2026 06:45:00 +0000

Type Values Removed Values Added
Description Delta Electronics AS320T has No checking of the length of the buffer with the file name vulnerability.
Title No checking of the length of the buffer with the file name in AS320T
First Time appeared Deltaww
Deltaww as320t
Weaknesses CWE-121
CPEs cpe:2.3:a:deltaww:as320t:*:*:*:*:*:*:*:*
Vendors & Products Deltaww
Deltaww as320t
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Deltaww As320t As320t Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: Deltaww

Published:

Updated: 2026-04-24T15:27:45.198Z

Reserved: 2026-02-05T05:43:00.436Z

Link: CVE-2026-1950

cve-icon Vulnrichment

Updated: 2026-04-24T15:27:40.305Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-24T07:16:08.523

Modified: 2026-05-11T17:42:40.187

Link: CVE-2026-1950

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T14:30:33Z

Weaknesses