Description
A remote attacker with user privileges for the webUI can use the setting of the TFTP Filename with a POST Request to trigger a stack-based Buffer Overflow, resulting in a DoS attack.
Published: 2026-03-18
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via stack-based buffer overflow
Action: Apply Update
AI Analysis

Impact

A remote attacker who is able to authenticate to the device’s WebUI can submit an oversized TFTP filename in a POST request. According to the vendor description, this input is improperly validated and causes a stack-based buffer overflow (CWE‑121). The overflow can crash the WebUI service or reboot the device, resulting in a denial‑of‑service (DoS) that disrupts network operations on the affected equipment.

Affected Systems

The vulnerability applies to an extensive list of Phoenix Contact FL devices, including FL NAT 2008, FL NAT 2208, FL NAT 2304‑2GC‑2SFP, and numerous FL SWITCH models such as FL SWITCH 2005, FL SWITCH 2008F, FL SWITCH 2016, FL SWITCH 2205, FL SWITCH 2408, FL SWITCH 2504‑2GC‑2SFP, and others enumerated in the known CNA vendors/products field. No specific firmware or hardware revision is indicated, so all current versions of these models are potentially vulnerable.

Risk and Exploitability

The CVSS score of 6.5 indicates moderate severity, while the EPSS score is not provided, so the likelihood of exploitation is not quantified. The vulnerability is not listed in CISA’s KEV catalog. Exploitation requires a user to be authenticated to the WebUI, limiting the attack surface to those with write privileges. Successful exploitation leads to a DoS, which could interrupt services on the affected network segment.

Generated by OpenCVE AI on March 18, 2026 at 08:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check Phoenix Contact’s website or the advisory at https://certvde.com/de/advisories/VDE-2025-104 for any firmware or software updates that address the TFTP filename handling issue.
  • If no update is available, disable the TFTP feature in the device configuration or block POST requests to the TFTP endpoint via firewall or webUI access controls.
  • Restrict access to the WebUI to a trusted internal network or VPN and enforce strong authentication to limit the number of users with write privileges.
  • Monitor webUI logs for anomalous POST requests to the TFTP endpoint and consider additional network segmentation to isolate critical devices.

Generated by OpenCVE AI on March 18, 2026 at 08:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 19 Mar 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Phoenixcontact
Phoenixcontact fl Nat 2008
Phoenixcontact fl Nat 2208
Phoenixcontact fl Nat 2304-2gc-2sfp
Phoenixcontact fl Switch 2005
Phoenixcontact fl Switch 2008
Phoenixcontact fl Switch 2008f
Phoenixcontact fl Switch 2016
Phoenixcontact fl Switch 2105
Phoenixcontact fl Switch 2108
Phoenixcontact fl Switch 2116
Phoenixcontact fl Switch 2204-2tc-2sfx
Phoenixcontact fl Switch 2205
Phoenixcontact fl Switch 2206-2fx
Phoenixcontact fl Switch 2206-2fx Sm
Phoenixcontact fl Switch 2206-2fx Sm St
Phoenixcontact fl Switch 2206-2fx St
Phoenixcontact fl Switch 2206-2sfx
Phoenixcontact fl Switch 2206-2sfx Pn
Phoenixcontact fl Switch 2206c-2fx
Phoenixcontact fl Switch 2207-fx
Phoenixcontact fl Switch 2207-fx Sm
Phoenixcontact fl Switch 2208
Phoenixcontact fl Switch 2208 Pn
Phoenixcontact fl Switch 2208c
Phoenixcontact fl Switch 2212-2tc-2sfx
Phoenixcontact fl Switch 2214-2fx
Phoenixcontact fl Switch 2214-2fx Sm
Phoenixcontact fl Switch 2214-2sfx
Phoenixcontact fl Switch 2214-2sfx Pn
Phoenixcontact fl Switch 2216
Phoenixcontact fl Switch 2216 Pn
Phoenixcontact fl Switch 2303-8sp1
Phoenixcontact fl Switch 2304-2gc-2sfp
Phoenixcontact fl Switch 2306-2sfp
Phoenixcontact fl Switch 2306-2sfp Pn
Phoenixcontact fl Switch 2308
Phoenixcontact fl Switch 2308 Pn
Phoenixcontact fl Switch 2312-2gc-2sfp
Phoenixcontact fl Switch 2314-2sfp
Phoenixcontact fl Switch 2314-2sfp Pn
Phoenixcontact fl Switch 2316
Phoenixcontact fl Switch 2316/k1
Phoenixcontact fl Switch 2316 Pn
Phoenixcontact fl Switch 2404-2tc-2sfx
Phoenixcontact fl Switch 2406-2sfx
Phoenixcontact fl Switch 2406-2sfx Pn
Phoenixcontact fl Switch 2408
Phoenixcontact fl Switch 2408 Pn
Phoenixcontact fl Switch 2412-2tc-2sfx
Phoenixcontact fl Switch 2414-2sfx
Phoenixcontact fl Switch 2414-2sfx Pn
Phoenixcontact fl Switch 2416
Phoenixcontact fl Switch 2416 Pn
Phoenixcontact fl Switch 2504-2gc-2sfp
Phoenixcontact fl Switch 2506-2sfp
Phoenixcontact fl Switch 2506-2sfp/k1
Phoenixcontact fl Switch 2506-2sfp Pn
Phoenixcontact fl Switch 2508
Phoenixcontact fl Switch 2508/k1
Phoenixcontact fl Switch 2508 Pn
Phoenixcontact fl Switch 2512-2gc-2sfp
Phoenixcontact fl Switch 2514-2sfp
Phoenixcontact fl Switch 2514-2sfp Pn
Phoenixcontact fl Switch 2516
Phoenixcontact fl Switch 2516 Pn
Phoenixcontact fl Switch 2608
Phoenixcontact fl Switch 2608 Pn
Phoenixcontact fl Switch 2708
Phoenixcontact fl Switch 2708 Pn
Phoenixcontact fl Switch 5916-8gc-4sfp+
Phoenixcontact fl Switch 5916sfp-8gc-4sfp+
Phoenixcontact fl Switch 5924-4gc
Phoenixcontact fl Switch 5924-4sfp+
Phoenixcontact fl Switch 5924sfp-4gc
Phoenixcontact fl Switch Tsn 2312-2gc-2sfp
Phoenixcontact fl Switch Tsn 2314-2sfp
Phoenixcontact fl Switch Tsn 2316
Vendors & Products Phoenixcontact
Phoenixcontact fl Nat 2008
Phoenixcontact fl Nat 2208
Phoenixcontact fl Nat 2304-2gc-2sfp
Phoenixcontact fl Switch 2005
Phoenixcontact fl Switch 2008
Phoenixcontact fl Switch 2008f
Phoenixcontact fl Switch 2016
Phoenixcontact fl Switch 2105
Phoenixcontact fl Switch 2108
Phoenixcontact fl Switch 2116
Phoenixcontact fl Switch 2204-2tc-2sfx
Phoenixcontact fl Switch 2205
Phoenixcontact fl Switch 2206-2fx
Phoenixcontact fl Switch 2206-2fx Sm
Phoenixcontact fl Switch 2206-2fx Sm St
Phoenixcontact fl Switch 2206-2fx St
Phoenixcontact fl Switch 2206-2sfx
Phoenixcontact fl Switch 2206-2sfx Pn
Phoenixcontact fl Switch 2206c-2fx
Phoenixcontact fl Switch 2207-fx
Phoenixcontact fl Switch 2207-fx Sm
Phoenixcontact fl Switch 2208
Phoenixcontact fl Switch 2208 Pn
Phoenixcontact fl Switch 2208c
Phoenixcontact fl Switch 2212-2tc-2sfx
Phoenixcontact fl Switch 2214-2fx
Phoenixcontact fl Switch 2214-2fx Sm
Phoenixcontact fl Switch 2214-2sfx
Phoenixcontact fl Switch 2214-2sfx Pn
Phoenixcontact fl Switch 2216
Phoenixcontact fl Switch 2216 Pn
Phoenixcontact fl Switch 2303-8sp1
Phoenixcontact fl Switch 2304-2gc-2sfp
Phoenixcontact fl Switch 2306-2sfp
Phoenixcontact fl Switch 2306-2sfp Pn
Phoenixcontact fl Switch 2308
Phoenixcontact fl Switch 2308 Pn
Phoenixcontact fl Switch 2312-2gc-2sfp
Phoenixcontact fl Switch 2314-2sfp
Phoenixcontact fl Switch 2314-2sfp Pn
Phoenixcontact fl Switch 2316
Phoenixcontact fl Switch 2316/k1
Phoenixcontact fl Switch 2316 Pn
Phoenixcontact fl Switch 2404-2tc-2sfx
Phoenixcontact fl Switch 2406-2sfx
Phoenixcontact fl Switch 2406-2sfx Pn
Phoenixcontact fl Switch 2408
Phoenixcontact fl Switch 2408 Pn
Phoenixcontact fl Switch 2412-2tc-2sfx
Phoenixcontact fl Switch 2414-2sfx
Phoenixcontact fl Switch 2414-2sfx Pn
Phoenixcontact fl Switch 2416
Phoenixcontact fl Switch 2416 Pn
Phoenixcontact fl Switch 2504-2gc-2sfp
Phoenixcontact fl Switch 2506-2sfp
Phoenixcontact fl Switch 2506-2sfp/k1
Phoenixcontact fl Switch 2506-2sfp Pn
Phoenixcontact fl Switch 2508
Phoenixcontact fl Switch 2508/k1
Phoenixcontact fl Switch 2508 Pn
Phoenixcontact fl Switch 2512-2gc-2sfp
Phoenixcontact fl Switch 2514-2sfp
Phoenixcontact fl Switch 2514-2sfp Pn
Phoenixcontact fl Switch 2516
Phoenixcontact fl Switch 2516 Pn
Phoenixcontact fl Switch 2608
Phoenixcontact fl Switch 2608 Pn
Phoenixcontact fl Switch 2708
Phoenixcontact fl Switch 2708 Pn
Phoenixcontact fl Switch 5916-8gc-4sfp+
Phoenixcontact fl Switch 5916sfp-8gc-4sfp+
Phoenixcontact fl Switch 5924-4gc
Phoenixcontact fl Switch 5924-4sfp+
Phoenixcontact fl Switch 5924sfp-4gc
Phoenixcontact fl Switch Tsn 2312-2gc-2sfp
Phoenixcontact fl Switch Tsn 2314-2sfp
Phoenixcontact fl Switch Tsn 2316

Wed, 18 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 18 Mar 2026 07:45:00 +0000

Type Values Removed Values Added
Description A remote attacker with user privileges for the webUI can use the setting of the TFTP Filename with a POST Request to trigger a stack-based Buffer Overflow, resulting in a DoS attack.
Title Buffer Overflow using TFTP Filename
Weaknesses CWE-121
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

Phoenixcontact Fl Nat 2008 Fl Nat 2208 Fl Nat 2304-2gc-2sfp Fl Switch 2005 Fl Switch 2008 Fl Switch 2008f Fl Switch 2016 Fl Switch 2105 Fl Switch 2108 Fl Switch 2116 Fl Switch 2204-2tc-2sfx Fl Switch 2205 Fl Switch 2206-2fx Fl Switch 2206-2fx Sm Fl Switch 2206-2fx Sm St Fl Switch 2206-2fx St Fl Switch 2206-2sfx Fl Switch 2206-2sfx Pn Fl Switch 2206c-2fx Fl Switch 2207-fx Fl Switch 2207-fx Sm Fl Switch 2208 Fl Switch 2208 Pn Fl Switch 2208c Fl Switch 2212-2tc-2sfx Fl Switch 2214-2fx Fl Switch 2214-2fx Sm Fl Switch 2214-2sfx Fl Switch 2214-2sfx Pn Fl Switch 2216 Fl Switch 2216 Pn Fl Switch 2303-8sp1 Fl Switch 2304-2gc-2sfp Fl Switch 2306-2sfp Fl Switch 2306-2sfp Pn Fl Switch 2308 Fl Switch 2308 Pn Fl Switch 2312-2gc-2sfp Fl Switch 2314-2sfp Fl Switch 2314-2sfp Pn Fl Switch 2316 Fl Switch 2316/k1 Fl Switch 2316 Pn Fl Switch 2404-2tc-2sfx Fl Switch 2406-2sfx Fl Switch 2406-2sfx Pn Fl Switch 2408 Fl Switch 2408 Pn Fl Switch 2412-2tc-2sfx Fl Switch 2414-2sfx Fl Switch 2414-2sfx Pn Fl Switch 2416 Fl Switch 2416 Pn Fl Switch 2504-2gc-2sfp Fl Switch 2506-2sfp Fl Switch 2506-2sfp/k1 Fl Switch 2506-2sfp Pn Fl Switch 2508 Fl Switch 2508/k1 Fl Switch 2508 Pn Fl Switch 2512-2gc-2sfp Fl Switch 2514-2sfp Fl Switch 2514-2sfp Pn Fl Switch 2516 Fl Switch 2516 Pn Fl Switch 2608 Fl Switch 2608 Pn Fl Switch 2708 Fl Switch 2708 Pn Fl Switch 5916-8gc-4sfp+ Fl Switch 5916sfp-8gc-4sfp+ Fl Switch 5924-4gc Fl Switch 5924-4sfp+ Fl Switch 5924sfp-4gc Fl Switch Tsn 2312-2gc-2sfp Fl Switch Tsn 2314-2sfp Fl Switch Tsn 2316
cve-icon MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published:

Updated: 2026-03-18T15:08:43.181Z

Reserved: 2026-01-07T11:49:15.177Z

Link: CVE-2026-22316

cve-icon Vulnrichment

Updated: 2026-03-18T15:08:02.838Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-18T08:16:27.070

Modified: 2026-03-18T14:52:44.227

Link: CVE-2026-22316

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-24T10:59:12Z

Weaknesses