Skip to main content

Delta AS320T CVE-2026-1950

| EUVDEUVD-2026-25402 CRITICAL
Stack-based Buffer Overflow (CWE-121)
2026-04-24 Deltaww GHSA-wv29-5pf5-8fp6
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

5
Re-analysis Queued
Apr 24, 2026 - 07:22 vuln.today
cvss_changed
Analysis Generated
Apr 24, 2026 - 07:00 vuln.today
EUVD ID Assigned
Apr 24, 2026 - 06:45 euvd
EUVD-2026-25402
Analysis Generated
Apr 24, 2026 - 06:45 vuln.today
CVE Published
Apr 24, 2026 - 05:56 nvd
CRITICAL 9.8

DescriptionCVE.org

Delta Electronics AS320T has No checking of the length of the buffer with the file name vulnerability.

AnalysisAI

Remote code execution in Delta Electronics AS320T allows unauthenticated network attackers to exploit an unchecked buffer overflow in filename processing to execute arbitrary code with high impact to confidentiality, integrity, and availability. The CVSS 9.8 critical score reflects network-accessible attack surface with no authentication or user interaction required. No EPSS or KEV data available at time of analysis, but vendor advisory confirms multiple related vulnerabilities affecting the same product line.

Technical ContextAI

The vulnerability affects Delta Electronics AS320T industrial automation equipment, which appears to be a network-connected control or HMI device based on the deltaww CPE namespace. The root cause is CWE-121 (Stack-based Buffer Overflow), occurring when the device processes filenames without validating length constraints. This classic memory corruption vulnerability allows attackers to overwrite stack memory by providing maliciously crafted filenames exceeding expected buffer sizes. The affected component likely involves file upload, download, or processing functionality exposed over the network. Tags indicate this is specifically a stack-based buffer overflow rather than heap corruption, suggesting the vulnerable buffer is allocated on the stack during filename handling operations.

RemediationAI

Apply vendor-released patches documented in Delta Electronics security advisory Delta-PCSA-2026-00006 at https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2026-00006_AS320T%20Multiple%20vulnerabilities%20(CVE-2026-1949,%201950,%201951,%201952).pdf. Exact patched firmware version should be verified from the advisory as NVD data does not specify fix version. Until patching is complete, implement network segmentation to isolate AS320T devices from untrusted networks, restrict access to file processing interfaces through firewall rules permitting only authenticated management IPs, and monitor for suspicious filename patterns in file operation logs. If file upload/transfer functionality is not operationally required, disable these features entirely at the application or network level. Note that network isolation may impact remote management capabilities and require on-site access for maintenance operations.

Share

CVE-2026-1950 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy