Description
Delta Electronics AS320T has denial of service via the undocumented subfunction vulnerability.
Published: 2026-04-24
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Immediate Patch
AI Analysis

Impact

Delta Electronics AS320T firmware contains an undocumented subfunction that can be abused to cause a denial of service. The vulnerability allows an attacker to trigger the subfunction, forcing the device into a non‑responsive state and disrupting its intended operation. No information on the exact level of security impact beyond service interruption is provided, and the weakness is classified as CWE-912, indicating a flaw in the handling of a command or function call.

Affected Systems

All Delta Electronics AS320T devices are potentially impacted, regardless of their current firmware release, unless the device has already been upgraded to firmware version 1.16 or later. No specific prior firmware version boundary is listed, so users should presume that any out‑of‑date firmware is vulnerable.

Risk and Exploitability

The CVSS score of 9.8 signals a critical severity, yet the EPSS score is below 1 % and the vulnerability is not listed in the CISA KEV catalog, suggesting a low probability of active exploitation at present. The attack vector is not explicitly disclosed; it is inferred to require access to the device’s command interface or the ability to send the undocumented subfunction to the device. Because the weakness is purely a denial‑of‑service issue, confidentiality and integrity are not directly compromised, but availability of the device is severely affected. The high severity score warrants prompt mitigation, even though exploitation likelihood appears low.

Generated by OpenCVE AI on April 28, 2026 at 06:56 UTC.

Remediation

Vendor Solution

Upgrade firmware to v1.16 or later

OpenCVE Recommended Actions

  • Apply the vendor‑provided firmware upgrade to version 1.16 or newer, which eliminates the vulnerable subfunction.
  • If an upgrade cannot be performed immediately, restrict external access to the device via firewall rules or network segmentation to prevent attackers from sending the undocumented command sequence.
  • Monitor device logs and traffic for repeated attempts to invoke the subfunction and investigate any service interruptions promptly.

Generated by OpenCVE AI on April 28, 2026 at 06:56 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 11 May 2026 17:45:00 +0000

Type Values Removed Values Added
First Time appeared Deltaww as320t Firmware
CPEs cpe:2.3:h:deltaww:as320t:-:*:*:*:*:*:*:*
cpe:2.3:o:deltaww:as320t_firmware:*:*:*:*:*:*:*:*
Vendors & Products Deltaww as320t Firmware

Fri, 24 Apr 2026 06:45:00 +0000

Type Values Removed Values Added
Description Delta Electronics AS320T has denial of service via the undocumented subfunction vulnerability.
Title Denial of service via the undocumented subfunction in AS320T
First Time appeared Deltaww
Deltaww as320t
Weaknesses CWE-912
CPEs cpe:2.3:a:deltaww:as320t:*:*:*:*:*:*:*:*
Vendors & Products Deltaww
Deltaww as320t
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Deltaww As320t As320t Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: Deltaww

Published:

Updated: 2026-04-24T15:26:08.538Z

Reserved: 2026-02-05T05:43:02.712Z

Link: CVE-2026-1952

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-04-24T07:16:09.627

Modified: 2026-05-11T17:42:47.270

Link: CVE-2026-1952

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T07:00:09Z

Weaknesses