Description
Delta Electronics AS320T has no checking of the length of the buffer with the directory name vulnerability.
Published: 2026-04-24
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Potential for arbitrary code execution via stack-based buffer overflow
Action: Immediate Patch
AI Analysis

Impact

The vulnerability arises from a missing check on the length of the buffer that stores a directory name. This omission can lead to a stack‑based buffer overflow (CWE‑121) if an attacker supplies an overly long directory name. Although the description does not explicitly detail the consequences, a typical overflow can overwrite return addresses or other control data, giving the attacker the possibility to execute arbitrary code on the device. The impact therefore includes potential compromise of the device’s confidentiality, integrity, and availability.

Affected Systems

Delta Electronics AS320T network device, firmware versions prior to 1.12. The vendor lists the affected product as DeltaWW:AS320T; all releases before 1.12 are impacted.

Risk and Exploitability

The CVSS score of 9.8 falls in the critical range. The EPSS score of less than 1% indicates a very low likelihood of exploitation at present, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, the most likely attack vector is any interface that accepts directory names (e.g., file management or a network interface), which could be reached remotely if the device is exposed; the recorded CVSS vector (AV:N/AC:L/PR:N/UI:N) rates the flaw as network-reachable without privileges or user interaction. The exact input path is not specified.

Generated by OpenCVE AI on April 28, 2026 at 20:23 UTC.

Remediation

Vendor Solution

Upgrade firmware to v1.12 or later


OpenCVE Recommended Actions

  • Upgrade the device firmware to version 1.12 or later as recommended by Delta Electronics.
  • If an upgrade cannot be performed immediately, restrict access to the management interfaces or block traffic that could carry the vulnerable directory name input (e.g., via firewall rules).
  • Implement network segmentation and disable unnecessary services to minimize exposure to the vulnerable interface.



Advisories

No advisories yet.

History

Mon, 11 May 2026 17:45:00 +0000

Type Values Removed Values Added
First Time appeared Deltaww as320t Firmware
CPEs cpe:2.3:h:deltaww:as320t:-:*:*:*:*:*:*:*
cpe:2.3:o:deltaww:as320t_firmware:*:*:*:*:*:*:*:*
Vendors & Products Deltaww as320t Firmware

Fri, 24 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 24 Apr 2026 06:45:00 +0000

Type Values Removed Values Added
Description Delta Electronics AS320T has no checking of the length of the buffer with the directory name vulnerability.
Title No checking of the length of the buffer with the directory name in AS320T
First Time appeared Deltaww
Deltaww as320t
Weaknesses CWE-121
CPEs cpe:2.3:a:deltaww:as320t:*:*:*:*:*:*:*:*
Vendors & Products Deltaww
Deltaww as320t
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: Deltaww

Published:

Updated: 2026-04-24T13:08:01.910Z

Reserved: 2026-02-05T05:43:01.572Z

Link: CVE-2026-1951

Vulnrichment

Updated: 2026-04-24T13:07:57.244Z

NVD

Status: Analyzed

Published: 2026-04-24T07:16:09.520

Modified: 2026-05-11T17:42:30.020

Link: CVE-2026-1951

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T20:30:06Z

Weaknesses