CVE-2026-1951

Delta Electronics · AS320T

The Delta Electronics AS320T is vulnerable to a buffer overflow due to a lack of length validation when processing directory names.

Executive summary

A critical buffer overflow vulnerability in the Delta Electronics AS320T allows for potential arbitrary code execution, posing a severe risk to system integrity.

Vulnerability

The device fails to perform adequate bounds checking on directory name buffers, which can be exploited by an attacker to trigger a memory corruption condition. The authentication requirement is currently unspecified, but such memory-based vulnerabilities typically allow for remote code execution.

Business impact

The exploitation of this vulnerability could lead to complete system compromise, unauthorized data access, or permanent denial-of-service conditions. With a CVSS score of 9.8, this flaw represents a critical threat that could disrupt industrial operations and compromise sensitive process control data.

Remediation

Immediate Action: Update the affected Delta Electronics AS320T firmware to the latest manufacturer-provided release to resolve the buffer handling flaw.

Proactive Monitoring: Monitor network traffic and system logs for anomalous patterns or crash events that may indicate exploitation attempts.

Compensating Controls: Implement strict network segmentation and utilize a Web Application Firewall or industrial firewall to filter malicious traffic targeting the device.

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

Given the critical CVSS severity, administrators should prioritize the identification of all vulnerable AS320T units within their environment. Applying the vendor-supplied patch is the only definitive method to mitigate the risk of remote exploitation.