CVE-2026-1951
Delta Electronics · AS320T
The Delta Electronics AS320T is vulnerable to a buffer overflow due to a lack of length validation when processing directory names.
Executive summary
A critical buffer overflow vulnerability in the Delta Electronics AS320T allows for potential arbitrary code execution, posing a severe risk to system integrity.
Vulnerability
The device fails to perform adequate bounds checking on directory name buffers, which can be exploited by an attacker to trigger a memory corruption condition. The authentication requirement is currently unspecified, but such memory-based vulnerabilities typically allow for remote code execution.
Business impact
The exploitation of this vulnerability could lead to complete system compromise, unauthorized data access, or permanent denial-of-service conditions. With a CVSS score of 9.8, this flaw represents a critical threat that could disrupt industrial operations and compromise sensitive process control data.
Remediation
Immediate Action: Update the affected Delta Electronics AS320T firmware to the latest manufacturer-provided release to resolve the buffer handling flaw.
Proactive Monitoring: Monitor network traffic and system logs for anomalous patterns or crash events that may indicate exploitation attempts.
Compensating Controls: Implement strict network segmentation and utilize a Web Application Firewall or industrial firewall to filter malicious traffic targeting the device.
Exploitation status
Public Exploit Available: Unknown
Analyst recommendation
Given the critical CVSS severity, administrators should prioritize the identification of all vulnerable AS320T units within their environment. Applying the vendor-supplied patch is the only definitive method to mitigate the risk of remote exploitation.