CVE-2026-1949

Delta Electronics · AS320T

Delta Electronics AS320T is vulnerable to a stack-based buffer overflow due to incorrect buffer size calculations in its web service's GET/PUT request handler.

Executive summary

A stack-based buffer overflow in the Delta Electronics AS320T web service creates a critical risk for remote code execution and system instability.

Vulnerability

The web service fails to correctly calculate buffer sizes on the stack during the processing of GET/PUT requests. This allows an attacker to trigger a buffer overflow, potentially leading to arbitrary code execution or a crash of the service.
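
An added example of this bug class, not Delta's firmware code and not taken from the advisory: a request handler whose length check leaves out a path prefix and the terminating NUL, next to a version bounded by the real buffer size. The function names, WEB_ROOT and the 64-byte buffer are assumptions chosen for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define WEB_ROOT "/www"   /* hypothetical document root */
#define PATH_BUF 64       /* hypothetical stack buffer size */

/* BEFORE: the check covers only the URI, not the WEB_ROOT prefix or the
 * terminating NUL. A 60..63 byte URI passes it, yet prefix + URI + NUL
 * needs 65..68 bytes, so strcat() writes past the end of path[]. */
int resolve_unsafe(const char *uri, char *out, size_t out_len)
{
    char path[PATH_BUF];
    if (strlen(uri) >= PATH_BUF)      /* wrong size calculation */
        return -1;
    strcpy(path, WEB_ROOT);
    strcat(path, uri);                /* stack overflow for long URIs */
    snprintf(out, out_len, "%s", path);
    return (int)strlen(path);
}

/* AFTER: snprintf() is bounded by the real buffer size and reports the
 * length it needed; anything that would not fit is rejected rather than
 * passed on truncated. */
int resolve_safe(const char *uri, char *out, size_t out_len)
{
    char path[PATH_BUF];
    int n = snprintf(path, sizeof path, "%s%s", WEB_ROOT, uri);
    if (n < 0 || (size_t)n >= sizeof path || (size_t)n >= out_len)
        return -1;                    /* reject oversized request */
    memcpy(out, path, (size_t)n + 1); /* copy including the NUL */
    return n;
}

int main(void)
{
    char out[PATH_BUF], uri[PATH_BUF];
    memset(uri, 'a', 60);             /* constructed 60-byte URI */
    uri[0] = '/';
    uri[60] = '\0';
    printf("short: %d\n", resolve_safe("/index.html", out, sizeof out));
    printf("60-byte URI: %d\n", resolve_safe(uri, out, sizeof out));
    return 0;
}
```

The 60-byte URI is the boundary case: the flawed check accepts it, while the bounded version returns -1 because prefix plus URI plus NUL needs 65 bytes.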

Business impact

With a CVSS score of 9.8, this vulnerability is extremely dangerous, as it can allow an attacker to gain full control over the device. Potential impacts include unauthorized access to operational data, the deployment of malicious payloads, and critical system downtime, which is particularly severe in industrial environments.

Remediation

Immediate Action: Update the firmware of the Delta Electronics AS320T to the latest version provided by the manufacturer.

Proactive Monitoring: Monitor for unexpected service crashes or restarts, which may indicate an exploitation attempt in progress.

Compensating Controls: Implement network-level filtering to restrict access to the web service, ensuring that only authorized traffic can reach the device.

Exploitation status

Public Exploit Available: No

Analyst recommendation

Buffer overflows in critical service handlers are high-priority vulnerabilities that can lead to complete device compromise. Organizations must expedite the deployment of the provided patches and verify the integrity of the device configuration post-update.