Common Weakness Enumeration

CWE-121

Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

CVE-2026-21903 (GCVE-0-2026-21903)

Vulnerability from cvelistv5 – Published: 2026-01-15 20:18 – Updated: 2026-01-15 21:12
VLAI
Title
Junos OS: Subscribing to telemetry sensors at scale causes all FPCs to crash
Summary
A Stack-based Buffer Overflow vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS allows a network-based attacker, authenticated with low privileges to cause a Denial-of-Service (DoS). Subscribing to telemetry sensors at scale causes all FPC connections to drop, resulting in an FPC crash and restart. The issue was not seen when YANG packages for the specific sensors were installed. This issue affects Junos OS:  * all versions before 22.4R3-S7, * 23.2 version before 23.2R2-S4, * 23.4 versions before 23.4R2.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
Vendor Product Version
Juniper Networks Junos OS Affected: 0 , < 22.4R3-S7 (semver)
Affected: 23.2 , < 23.2R2-S4 (semver)
Affected: 23.4 , < 23.4R2 (semver)
Create a notification for this product.
Date Public
2026-01-14 17:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-21903",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-15T21:12:00.833031Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-15T21:12:08.631Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "22.4R3-S7",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "23.2R2-S4",
              "status": "affected",
              "version": "23.2",
              "versionType": "semver"
            },
            {
              "lessThan": "23.4R2",
              "status": "affected",
              "version": "23.4",
              "versionType": "semver"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A device is only exposed to this issue if GRPC services are configured:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ system services extension-service request-response grpc ]\u003c/tt\u003e"
            }
          ],
          "value": "A device is only exposed to this issue if GRPC services are configured:\n\n[ system services extension-service request-response grpc ]"
        }
      ],
      "datePublic": "2026-01-14T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A Stack-based Buffer Overflow vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS allows a network-based attacker,\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eauthenticated\u003c/span\u003e\u0026nbsp;with low privileges to cause a Denial-of-Service (DoS).\u003cbr\u003e\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSubscribing to telemetry sensors at scale causes all FPC connections to drop, resulting in an FPC crash and restart.\u003cbr\u003eThe issue was not seen when YANG packages for the specific sensors were installed. \u003c/span\u003e\n\n\u003cbr\u003e\u003cbr\u003e\u003cp\u003eThis issue affects Junos OS:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 22.4R3-S7,\u003c/li\u003e\u003cli\u003e23.2 version before 23.2R2-S4,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e"
            }
          ],
          "value": "A Stack-based Buffer Overflow vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS allows a network-based attacker,\u00a0authenticated\u00a0with low privileges to cause a Denial-of-Service (DoS).\n\n\n\nSubscribing to telemetry sensors at scale causes all FPC connections to drop, resulting in an FPC crash and restart.\nThe issue was not seen when YANG packages for the specific sensors were installed. \n\n\n\nThis issue affects Junos OS:\u00a0\n\n\n\n  *  all versions before 22.4R3-S7,\n  *  23.2 version before 23.2R2-S4,\n  *  23.4 versions before 23.4R2."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121 Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-15T20:18:36.767Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://supportportal.juniper.net/JSA106022"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://kb.juniper.net/JSA106022"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The following software releases have been updated to resolve this specific issue: 22.4R3-S7, 23.2R2-S4, 23.4R2, 24.2R1, and all subsequent releases."
            }
          ],
          "value": "The following software releases have been updated to resolve this specific issue: 22.4R3-S7, 23.2R2-S4, 23.4R2, 24.2R1, and all subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA106022",
        "defect": [
          "1811989"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Junos OS: Subscribing to telemetry sensors at scale causes all FPCs to crash",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "There are no known workarounds for this issue."
            }
          ],
          "value": "There are no known workarounds for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2026-21903",
    "datePublished": "2026-01-15T20:18:36.767Z",
    "dateReserved": "2026-01-05T17:32:48.709Z",
    "dateUpdated": "2026-01-15T21:12:08.631Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-2191 (GCVE-0-2026-2191)

Vulnerability from cvelistv5 – Published: 2026-02-08 22:32 – Updated: 2026-02-23 09:50
VLAI
Title
Tenda AC9 formGetDdosDefenceList stack-based overflow
Summary
A weakness has been identified in Tenda AC9 15.03.06.42_multi. Affected is the function formGetDdosDefenceList. This manipulation of the argument security.ddos.map causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
URL Tags
https://vuldb.com/?id.344894 vdb-entrytechnical-description
https://vuldb.com/?ctiid.344894 signaturepermissions-required
https://vuldb.com/?submit.749800 third-party-advisory
https://github.com/glkfc/IoT-Vulnerability/blob/m… exploit
https://www.tenda.com.cn/ product
Impacted products
Vendor Product Version
Tenda AC9 Affected: 15.03.06.42_multi
    cpe:2.3:o:tenda:ac9_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
jfkk (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-2191",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-09T20:59:03.732671Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-09T20:59:17.181Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:o:tenda:ac9_firmware:*:*:*:*:*:*:*:*"
          ],
          "product": "AC9",
          "vendor": "Tenda",
          "versions": [
            {
              "status": "affected",
              "version": "15.03.06.42_multi"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "jfkk (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A weakness has been identified in Tenda AC9 15.03.06.42_multi. Affected is the function formGetDdosDefenceList. This manipulation of the argument security.ddos.map causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 8.3,
            "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "Memory Corruption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-23T09:50:50.691Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-344894 | Tenda AC9 formGetDdosDefenceList stack-based overflow",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.344894"
        },
        {
          "name": "VDB-344894 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.344894"
        },
        {
          "name": "Submit #749800 | Tenda AC9 v1.0/V3.0 V15.03.06.42_multi Stack-based Buffer Overflow",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.749800"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/glkfc/IoT-Vulnerability/blob/main/Tenda/tenda3.md"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.tenda.com.cn/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-02-07T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-02-07T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-02-09T00:42:54.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Tenda AC9 formGetDdosDefenceList stack-based overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-2191",
    "datePublished": "2026-02-08T22:32:10.488Z",
    "dateReserved": "2026-02-07T17:28:24.242Z",
    "dateUpdated": "2026-02-23T09:50:50.691Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-2192 (GCVE-0-2026-2192)

Vulnerability from cvelistv5 – Published: 2026-02-08 23:02 – Updated: 2026-02-23 09:51
VLAI
Title
Tenda AC9 formGetRebootTimer stack-based overflow
Summary
A security vulnerability has been detected in Tenda AC9 15.03.06.42_multi. Affected by this vulnerability is the function formGetRebootTimer. Such manipulation of the argument sys.schedulereboot.start_time/sys.schedulereboot.end_time leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
URL Tags
https://vuldb.com/?id.344895 vdb-entrytechnical-description
https://vuldb.com/?ctiid.344895 signaturepermissions-required
https://vuldb.com/?submit.749801 third-party-advisory
https://github.com/glkfc/IoT-Vulnerability/blob/m… exploit
https://www.tenda.com.cn/ product
Impacted products
Vendor Product Version
Tenda AC9 Affected: 15.03.06.42_multi
    cpe:2.3:o:tenda:ac9_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
jfkk (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-2192",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-09T16:44:38.803800Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-09T16:45:07.148Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:o:tenda:ac9_firmware:*:*:*:*:*:*:*:*"
          ],
          "product": "AC9",
          "vendor": "Tenda",
          "versions": [
            {
              "status": "affected",
              "version": "15.03.06.42_multi"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "jfkk (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A security vulnerability has been detected in Tenda AC9 15.03.06.42_multi. Affected by this vulnerability is the function formGetRebootTimer. Such manipulation of the argument sys.schedulereboot.start_time/sys.schedulereboot.end_time leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly and may be used."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 8.3,
            "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "Memory Corruption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-23T09:51:06.600Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-344895 | Tenda AC9 formGetRebootTimer stack-based overflow",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.344895"
        },
        {
          "name": "VDB-344895 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.344895"
        },
        {
          "name": "Submit #749801 | Tenda AC9 v1.0/V3.0 V15.03.06.42_multi Stack-based Buffer Overflow",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.749801"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/glkfc/IoT-Vulnerability/blob/main/Tenda/tenda4.md"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.tenda.com.cn/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-02-07T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-02-07T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-02-09T00:42:54.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Tenda AC9 formGetRebootTimer stack-based overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-2192",
    "datePublished": "2026-02-08T23:02:07.463Z",
    "dateReserved": "2026-02-07T17:28:28.567Z",
    "dateUpdated": "2026-02-23T09:51:06.600Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-22189 (GCVE-0-2026-22189)

Vulnerability from cvelistv5 – Published: 2026-01-07 20:25 – Updated: 2026-05-26 11:51
VLAI
Title
Panda3D <= 1.10.16 egg-mkfont Stack Buffer Overflow
Summary
The egg-mkfont utility in Panda3D versions up to and including 1.10.16 contains a stack-based buffer overflow vulnerability due to use of an unbounded sprintf() call with attacker-controlled input. When constructing glyph filenames, egg-mkfont formats a user-supplied glyph pattern (-gp) into a fixed-size stack buffer without length validation. Supplying an excessively long glyph pattern string can overflow the stack buffer, resulting in memory corruption and a deterministic crash. Depending on build configuration and execution environment, the overflow may also be exploitable for arbitrary code execution.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-121 - Stack-based Buffer Overflow
Assigner
Impacted products
Vendor Product Version
Panda3D Panda3D Affected: 0 , ≤ 1.10.16 (semver)
Create a notification for this product.
Credits
Ron Edgerson
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-22189",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-07T21:21:11.467323Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-07T21:21:35.370Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Panda3D",
          "repo": "https://github.com/panda3d/panda3d",
          "vendor": "Panda3D",
          "versions": [
            {
              "lessThanOrEqual": "1.10.16",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:cmu:panda3d:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "1.10.16",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Ron Edgerson"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The egg-mkfont utility in Panda3D versions up to and including 1.10.16 contains a stack-based buffer overflow vulnerability due to use of an unbounded sprintf() call with attacker-controlled input. When constructing glyph filenames, egg-mkfont formats a user-supplied glyph pattern (-gp) into a fixed-size stack buffer without length validation. Supplying an excessively long glyph pattern string can overflow the stack buffer, resulting in memory corruption and a deterministic crash. Depending on build configuration and execution environment, the overflow may also be exploitable for arbitrary code execution."
            }
          ],
          "value": "The egg-mkfont utility in Panda3D versions up to and including 1.10.16 contains a stack-based buffer overflow vulnerability due to use of an unbounded sprintf() call with attacker-controlled input. When constructing glyph filenames, egg-mkfont formats a user-supplied glyph pattern (-gp) into a fixed-size stack buffer without length validation. Supplying an excessively long glyph pattern string can overflow the stack buffer, resulting in memory corruption and a deterministic crash. Depending on build configuration and execution environment, the overflow may also be exploitable for arbitrary code execution."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121 Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-26T11:51:56.219Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "tags": [
            "technical-description",
            "exploit"
          ],
          "url": "https://seclists.org/fulldisclosure/2026/Jan/10"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.panda3d.org/"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://github.com/panda3d/panda3d"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/panda3d-egg-mkfont-stack-buffer-overflow"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Panda3D \u003c= 1.10.16 egg-mkfont Stack Buffer Overflow",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2026-22189",
    "datePublished": "2026-01-07T20:25:37.702Z",
    "dateReserved": "2026-01-06T16:47:17.183Z",
    "dateUpdated": "2026-05-26T11:51:56.219Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-22212 (GCVE-0-2026-22212)

Vulnerability from cvelistv5 – Published: 2026-01-12 23:02 – Updated: 2026-01-13 19:06
VLAI
Title
TinyOS <= 2.1.2 Stack-Based Buffer Overflow in mcp2200gpio
Summary
TinyOS versions up to and including 2.1.2 contain a stack-based buffer overflow vulnerability in the mcp2200gpio utility. The vulnerability is caused by unsafe use of strcpy() and strcat() functions when constructing device paths during automatic device discovery. A local attacker can exploit this by creating specially crafted filenames under /dev/usb/, leading to stack memory corruption and application crashes.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
Vendor Product Version
TinyOS TinyOS Affected: 0 , ≤ 2.1.2 (semver)
Create a notification for this product.
Credits
Ron Edgerson
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-22212",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-13T19:06:12.050843Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-13T19:06:27.766Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "TinyOS",
          "repo": "https://github.com/tinyos/tinyos-main",
          "vendor": "TinyOS",
          "versions": [
            {
              "lessThanOrEqual": "2.1.2",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Ron Edgerson"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "TinyOS versions up to and including 2.1.2 contain a stack-based buffer overflow vulnerability in the mcp2200gpio utility. The vulnerability is caused by unsafe use of strcpy() and strcat() functions when constructing device paths during automatic device discovery. A local attacker can exploit this by creating specially crafted filenames under /dev/usb/, leading to stack memory corruption and application crashes."
            }
          ],
          "value": "TinyOS versions up to and including 2.1.2 contain a stack-based buffer overflow vulnerability in the mcp2200gpio utility. The vulnerability is caused by unsafe use of strcpy() and strcat() functions when constructing device paths during automatic device discovery. A local attacker can exploit this by creating specially crafted filenames under /dev/usb/, leading to stack memory corruption and application crashes."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121 Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-12T23:02:45.973Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "tags": [
            "technical-description",
            "exploit"
          ],
          "url": "https://seclists.org/fulldisclosure/2026/Jan/14"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://github.com/tinyos/tinyos-main"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/tinyos-stack-based-buffer-overflow-in-mcp2200gpio"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "TinyOS \u003c= 2.1.2 Stack-Based Buffer Overflow in mcp2200gpio",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2026-22212",
    "datePublished": "2026-01-12T23:02:45.973Z",
    "dateReserved": "2026-01-06T16:47:17.187Z",
    "dateUpdated": "2026-01-13T19:06:27.766Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-22213 (GCVE-0-2026-22213)

Vulnerability from cvelistv5 – Published: 2026-01-12 23:03 – Updated: 2026-05-14 02:09
VLAI
Title
RIOT OS <= 2026.01-devel-317 Stack-Based Buffer Overflow in tapslip6 Utility
Summary
RIOT OS versions up to and including 2026.01-devel-317 contain a stack-based buffer overflow vulnerability in the tapslip6 utility. The vulnerability is caused by unsafe string concatenation in the devopen() function, which constructs a device path using unbounded user-controlled input. The utility uses strcpy() and strcat() to concatenate the fixed prefix '/dev/' with a user-supplied device name provided via the -s command-line option without bounds checking. This allows an attacker to supply an excessively long device name and overflow a fixed-size stack buffer, leading to process crashes and memory corruption.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
Vendor Product Version
RIOT RIOT OS Affected: 0 , ≤ 2026.01-devel-317 (custom)
Create a notification for this product.
Credits
Ron Edgerson
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-22213",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-13T18:37:33.649371Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-13T18:37:41.785Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "RIOT OS",
          "repo": "https://github.com/RIOT-OS/RIOT",
          "vendor": "RIOT",
          "versions": [
            {
              "lessThanOrEqual": "2026.01-devel-317",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Ron Edgerson"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "RIOT OS versions up to and including 2026.01-devel-317 contain a stack-based buffer overflow vulnerability in the tapslip6 utility. The vulnerability is caused by unsafe string concatenation in the devopen() function, which constructs a device path using unbounded user-controlled input. The utility uses strcpy() and strcat() to concatenate the fixed prefix \u0027/dev/\u0027 with a user-supplied device name provided via the -s command-line option without bounds checking. This allows an attacker to supply an excessively long device name and overflow a fixed-size stack buffer, leading to process crashes and memory corruption."
            }
          ],
          "value": "RIOT OS versions up to and including 2026.01-devel-317 contain a stack-based buffer overflow vulnerability in the tapslip6 utility. The vulnerability is caused by unsafe string concatenation in the devopen() function, which constructs a device path using unbounded user-controlled input. The utility uses strcpy() and strcat() to concatenate the fixed prefix \u0027/dev/\u0027 with a user-supplied device name provided via the -s command-line option without bounds checking. This allows an attacker to supply an excessively long device name and overflow a fixed-size stack buffer, leading to process crashes and memory corruption."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 2.4,
            "baseSeverity": "LOW",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "ACTIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121 Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-14T02:09:05.985Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "tags": [
            "technical-description",
            "exploit"
          ],
          "url": "https://seclists.org/fulldisclosure/2026/Jan/15"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.riot-os.org/"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://github.com/RIOT-OS/RIOT"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/riot-os-stack-based-buffer-overflow-in-tapslip6-utility"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "RIOT OS \u003c= 2026.01-devel-317 Stack-Based Buffer Overflow in tapslip6 Utility",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2026-22213",
    "datePublished": "2026-01-12T23:03:05.461Z",
    "dateReserved": "2026-01-06T16:47:17.187Z",
    "dateUpdated": "2026-05-14T02:09:05.985Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-22214 (GCVE-0-2026-22214)

Vulnerability from cvelistv5 – Published: 2026-01-12 23:03 – Updated: 2026-05-14 02:09
VLAI
Title
RIOT OS <= 2026.01-devel-317 Stack-Based Buffer Overflow in ethos Serial Frame Parser
Summary
RIOT OS versions up to and including 2026.01-devel-317 contain a stack-based buffer overflow vulnerability in the ethos utility due to missing bounds checking when processing incoming serial frame data. The vulnerability occurs in the _handle_char() function, where incoming frame bytes are appended to a fixed-size stack buffer without verifying that the current write index remains within bounds. An attacker capable of sending crafted serial or TCP-framed input can cause the current write index to exceed the buffer size, resulting in a write past the end of the stack buffer. This condition leads to memory corruption and application crash.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
Vendor Product Version
RIOT RIOT OS Affected: 0 , ≤ 2026.01-devel-317 (custom)
Create a notification for this product.
Credits
Ron Edgerson
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-22214",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-13T18:50:33.856751Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-13T18:50:40.171Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "RIOT OS",
          "repo": "https://github.com/RIOT-OS/RIOT",
          "vendor": "RIOT",
          "versions": [
            {
              "lessThanOrEqual": "2026.01-devel-317",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Ron Edgerson"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "RIOT OS versions up to and including 2026.01-devel-317 contain a stack-based buffer overflow vulnerability in the ethos utility due to missing bounds checking when processing incoming serial frame data. The vulnerability occurs in the _handle_char() function, where incoming frame bytes are appended to a fixed-size stack buffer without verifying that the current write index remains within bounds. An attacker capable of sending crafted serial or TCP-framed input can cause the current write index to exceed the buffer size, resulting in a write past the end of the stack buffer. This condition leads to memory corruption and application crash."
            }
          ],
          "value": "RIOT OS versions up to and including 2026.01-devel-317 contain a stack-based buffer overflow vulnerability in the ethos utility due to missing bounds checking when processing incoming serial frame data. The vulnerability occurs in the _handle_char() function, where incoming frame bytes are appended to a fixed-size stack buffer without verifying that the current write index remains within bounds. An attacker capable of sending crafted serial or TCP-framed input can cause the current write index to exceed the buffer size, resulting in a write past the end of the stack buffer. This condition leads to memory corruption and application crash."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "ACTIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121 Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-14T02:09:06.739Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "tags": [
            "technical-description",
            "exploit"
          ],
          "url": "https://seclists.org/fulldisclosure/2026/Jan/16"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.riot-os.org/"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://github.com/RIOT-OS/RIOT"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/riot-os-stack-based-buffer-overflow-in-ethos-serial-frame-parser"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "RIOT OS \u003c= 2026.01-devel-317 Stack-Based Buffer Overflow in ethos Serial Frame Parser",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2026-22214",
    "datePublished": "2026-01-12T23:03:23.393Z",
    "dateReserved": "2026-01-06T16:47:17.187Z",
    "dateUpdated": "2026-05-14T02:09:06.739Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-22262 (GCVE-0-2026-22262)

Vulnerability from cvelistv5 – Published: 2026-01-27 18:18 – Updated: 2026-01-27 19:30
VLAI
Title
Suricata datasets: stack overflow when saving a set
Summary
Suricata is a network IDS, IPS and NSM engine. While saving a dataset a stack buffer is used to prepare the data. Prior to versions 8.0.3 and 7.0.14, if the data in the dataset is too large, this can result in a stack overflow. Versions 8.0.3 and 7.0.14 contain a patch. As a workaround, do not use rules with datasets `save` nor `state` options.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-121 - Stack-based Buffer Overflow
Assigner
Impacted products
Vendor Product Version
OISF suricata Affected: < 7.0.14
Affected: >= 8.0.0, < 8.0.3
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-22262",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-27T19:29:40.963947Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-27T19:30:42.782Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "suricata",
          "vendor": "OISF",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 7.0.14"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.0.0, \u003c 8.0.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Suricata is a network IDS, IPS and NSM engine. While saving a dataset a stack buffer is used to prepare the data. Prior to versions 8.0.3 and 7.0.14, if the data in the dataset is too large, this can result in a stack overflow. Versions 8.0.3 and 7.0.14 contain a patch. As a workaround, do not use rules with datasets `save` nor `state` options."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121: Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-27T18:18:52.922Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/OISF/suricata/security/advisories/GHSA-9qg5-2gwh-xp86",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/OISF/suricata/security/advisories/GHSA-9qg5-2gwh-xp86"
        },
        {
          "name": "https://github.com/OISF/suricata/commit/0eff24213763c2aa2bb0957901d5dc1e18414dbf",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/OISF/suricata/commit/0eff24213763c2aa2bb0957901d5dc1e18414dbf"
        },
        {
          "name": "https://github.com/OISF/suricata/commit/27a2180bceaa3477419c78c54fce364398d011f1",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/OISF/suricata/commit/27a2180bceaa3477419c78c54fce364398d011f1"
        },
        {
          "name": "https://github.com/OISF/suricata/commit/32609e6896f9079c175665a94005417cec7637eb",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/OISF/suricata/commit/32609e6896f9079c175665a94005417cec7637eb"
        },
        {
          "name": "https://github.com/OISF/suricata/commit/32a1b9ae6aa80a60c073897e38a2ac6ea0f64521",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/OISF/suricata/commit/32a1b9ae6aa80a60c073897e38a2ac6ea0f64521"
        },
        {
          "name": "https://github.com/OISF/suricata/commit/d6bc718e303ecbec5999066b8bc88eeeca743658",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/OISF/suricata/commit/d6bc718e303ecbec5999066b8bc88eeeca743658"
        },
        {
          "name": "https://github.com/OISF/suricata/commit/d767dfadcd166f82683757818b9e46943326ac90",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/OISF/suricata/commit/d767dfadcd166f82683757818b9e46943326ac90"
        },
        {
          "name": "https://redmine.openinfosecfoundation.org/issues/8110",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://redmine.openinfosecfoundation.org/issues/8110"
        }
      ],
      "source": {
        "advisory": "GHSA-9qg5-2gwh-xp86",
        "discovery": "UNKNOWN"
      },
      "title": "Suricata datasets: stack overflow when saving a set"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-22262",
    "datePublished": "2026-01-27T18:18:52.922Z",
    "dateReserved": "2026-01-07T05:19:12.923Z",
    "dateUpdated": "2026-01-27T19:30:42.782Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-22316 (GCVE-0-2026-22316)

Vulnerability from cvelistv5 – Published: 2026-03-18 07:33 – Updated: 2026-03-18 15:08
VLAI
Title
Buffer Overflow using TFTP Filename
Summary
A remote attacker with user privileges for the webUI can use the setting of the TFTP Filename with a POST Request to trigger a stack-based Buffer Overflow, resulting in a DoS attack.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
Vendor Product Version
Phoenix Contact FL SWITCH 2005 Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2008 Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2016 Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2105 Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2108 Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2116 Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2204-2TC-2SFX Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2205 Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2206-2FX Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2206-2FX SM Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2206-2FX SM ST Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2206-2FX ST Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2206-2SFX Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2206-2SFX PN Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2206C-2FX Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2207-FX Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2207-FX SM Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2208 Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2208 PN Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2208C Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2212-2TC-2SFX Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2214-2FX Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2214-2FX SM Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2214-2SFX Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2214-2SFX PN Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2216 Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2216 PN Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2304-2GC-2SFP Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2306-2SFP Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2306-2SFP PN Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2308 Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2308 PN Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2312-2GC-2SFP Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2314-2SFP Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2314-2SFP PN Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2316 Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2316 PN Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2404-2TC-2SFX Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2406-2SFX Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2406-2SFX PN Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2408 Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2408 PN Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2412-2TC-2SFX Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2414-2SFX Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2414-2SFX PN Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2416 Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2416 PN Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2504-2GC-2SFP Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2506-2SFP Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2506-2SFP PN Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2508 Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2508 PN Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2512-2GC-2SFP Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2514-2SFP Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2514-2SFP PN Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2516 Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2516 PN Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2608 Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2608 PN Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2708 Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2708 PN Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2303-8SP1 Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL NAT 2008 Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL NAT 2208 Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL NAT 2304-2GC-2SFP Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2008F Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2316/K1 Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2506-2SFP/K1 Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2508/K1 Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH TSN 2316 Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH TSN 2312-2GC-2SFP Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH TSN 2314-2SFP Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 5924-4GC Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 5916-8GC-4SFP+ Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 5924SFP-4GC Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 5924-4SFP+ Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 5916SFP-8GC-4SFP+ Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Credits
Gabriele Quagliarella from Nozomi Networks
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-22316",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-18T15:07:52.390399Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-18T15:08:43.181Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2005",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2008",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2016",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2105",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2108",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2116",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2204-2TC-2SFX",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2205",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2206-2FX",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2206-2FX SM",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2206-2FX SM ST",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2206-2FX ST",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2206-2SFX",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2206-2SFX PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2206C-2FX",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2207-FX",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2207-FX SM",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2208",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2208 PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2208C",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2212-2TC-2SFX",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2214-2FX",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2214-2FX SM",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2214-2SFX",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2214-2SFX PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2216",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2216 PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2304-2GC-2SFP",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2306-2SFP",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2306-2SFP PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2308",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2308 PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2312-2GC-2SFP",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2314-2SFP",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2314-2SFP PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2316",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2316 PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2404-2TC-2SFX",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2406-2SFX",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2406-2SFX PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2408",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2408 PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2412-2TC-2SFX",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2414-2SFX",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2414-2SFX PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2416",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2416 PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2504-2GC-2SFP",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2506-2SFP",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2506-2SFP PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2508",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2508 PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2512-2GC-2SFP",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2514-2SFP",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2514-2SFP PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2516",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2516 PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2608",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2608 PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2708",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2708 PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2303-8SP1",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL NAT 2008",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL NAT 2208",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL NAT 2304-2GC-2SFP",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2008F",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2316/K1",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2506-2SFP/K1",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2508/K1",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH TSN 2316",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH TSN 2312-2GC-2SFP",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH TSN 2314-2SFP",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 5924-4GC",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 5916-8GC-4SFP+",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 5924SFP-4GC",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 5924-4SFP+",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 5916SFP-8GC-4SFP+",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Gabriele Quagliarella from Nozomi Networks"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A remote attacker with user privileges for the webUI can use the setting of the TFTP Filename with a POST Request to trigger a stack-based Buffer Overflow, resulting in a DoS attack.\u003cbr\u003e"
            }
          ],
          "value": "A remote attacker with user privileges for the webUI can use the setting of the TFTP Filename with a POST Request to trigger a stack-based Buffer Overflow, resulting in a DoS attack."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121 Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-18T07:33:31.584Z",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "url": "https://certvde.com/de/advisories/VDE-2025-104"
        }
      ],
      "source": {
        "advisory": "VDE-2025-104",
        "defect": [
          "CERT@VDE#641898"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Buffer Overflow using TFTP Filename",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2026-22316",
    "datePublished": "2026-03-18T07:33:31.584Z",
    "dateReserved": "2026-01-07T11:49:15.177Z",
    "dateUpdated": "2026-03-18T15:08:43.181Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-22318 (GCVE-0-2026-22318)

Vulnerability from cvelistv5 – Published: 2026-03-18 07:33 – Updated: 2026-03-18 13:57
VLAI
Title
Stack-Based Buffer Overflow in File Transfer Parameter Handling
Summary
A stack-based buffer overflow vulnerability in the device's file transfer parameter workflow allows a high-privileged attacker to send oversized POST parameters, causing memory corruption in an internal process, resulting in a DoS attack.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
Vendor Product Version
Phoenix Contact FL SWITCH 2005 Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2008 Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2016 Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2105 Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2108 Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2116 Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2204-2TC-2SFX Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2205 Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2206-2FX Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2206-2FX SM Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2206-2FX SM ST Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2206-2FX ST Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2206-2SFX Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2206-2SFX PN Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2206C-2FX Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2207-FX Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2207-FX SM Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2208 Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2208 PN Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2208C Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2212-2TC-2SFX Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2214-2FX Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2214-2FX SM Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2214-2SFX Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2214-2SFX PN Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2216 Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2216 PN Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2304-2GC-2SFP Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2306-2SFP Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2306-2SFP PN Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2308 Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2308 PN Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2312-2GC-2SFP Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2314-2SFP Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2314-2SFP PN Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2316 Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2316 PN Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2404-2TC-2SFX Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2406-2SFX Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2406-2SFX PN Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2408 Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2408 PN Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2412-2TC-2SFX Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2414-2SFX Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2414-2SFX PN Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2416 Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2416 PN Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2504-2GC-2SFP Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2506-2SFP Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2506-2SFP PN Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2508 Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2508 PN Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2512-2GC-2SFP Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2514-2SFP Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2514-2SFP PN Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2516 Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2516 PN Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2608 Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2608 PN Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2708 Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2708 PN Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2303-8SP1 Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL NAT 2008 Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL NAT 2208 Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL NAT 2304-2GC-2SFP Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2008F Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2316/K1 Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2506-2SFP/K1 Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 2508/K1 Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH TSN 2316 Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH TSN 2312-2GC-2SFP Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH TSN 2314-2SFP Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 5924-4GC Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 5916-8GC-4SFP+ Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 5924SFP-4GC Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 5924-4SFP+ Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Phoenix Contact FL SWITCH 5916SFP-8GC-4SFP+ Affected: 0.0.0 , < 3.53 (semver)
Create a notification for this product.
Credits
Gabriele Quagliarella from Nozomi Networks
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-22318",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-18T13:40:21.762727Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-18T13:57:31.902Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2005",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2008",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2016",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2105",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2108",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2116",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2204-2TC-2SFX",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2205",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2206-2FX",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2206-2FX SM",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2206-2FX SM ST",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2206-2FX ST",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2206-2SFX",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2206-2SFX PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2206C-2FX",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2207-FX",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2207-FX SM",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2208",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2208 PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2208C",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2212-2TC-2SFX",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2214-2FX",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2214-2FX SM",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2214-2SFX",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2214-2SFX PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2216",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2216 PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2304-2GC-2SFP",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2306-2SFP",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2306-2SFP PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2308",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2308 PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2312-2GC-2SFP",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2314-2SFP",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2314-2SFP PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2316",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2316 PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2404-2TC-2SFX",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2406-2SFX",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2406-2SFX PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2408",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2408 PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2412-2TC-2SFX",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2414-2SFX",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2414-2SFX PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2416",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2416 PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2504-2GC-2SFP",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2506-2SFP",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2506-2SFP PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2508",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2508 PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2512-2GC-2SFP",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2514-2SFP",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2514-2SFP PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2516",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2516 PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2608",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2608 PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2708",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2708 PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2303-8SP1",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL NAT 2008",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL NAT 2208",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL NAT 2304-2GC-2SFP",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2008F",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2316/K1",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2506-2SFP/K1",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2508/K1",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH TSN 2316",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH TSN 2312-2GC-2SFP",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH TSN 2314-2SFP",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 5924-4GC",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 5916-8GC-4SFP+",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 5924SFP-4GC",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 5924-4SFP+",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 5916SFP-8GC-4SFP+",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Gabriele Quagliarella from Nozomi Networks"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A stack-based buffer overflow vulnerability in the device\u0027s file transfer parameter workflow allows a high-privileged attacker to send oversized POST parameters, causing memory corruption in an internal process, resulting in a DoS attack.\u003cbr\u003e"
            }
          ],
          "value": "A stack-based buffer overflow vulnerability in the device\u0027s file transfer parameter workflow allows a high-privileged attacker to send oversized POST parameters, causing memory corruption in an internal process, resulting in a DoS attack."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121 Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-18T07:33:55.612Z",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "url": "https://certvde.com/de/advisories/VDE-2025-104"
        }
      ],
      "source": {
        "advisory": "VDE-2025-104",
        "defect": [
          "CERT@VDE#641898"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Stack-Based Buffer Overflow in File Transfer Parameter Handling",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2026-22318",
    "datePublished": "2026-03-18T07:33:55.612Z",
    "dateReserved": "2026-01-07T11:49:15.178Z",
    "dateUpdated": "2026-03-18T13:57:31.902Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Mitigation ID: MIT-10

Phases: Operation, Build and Compilation

Strategy: Environment Hardening

Description:

  • Use automatic buffer overflow detection mechanisms that are offered by certain compilers or compiler extensions. Examples include: the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice, which provide various mechanisms including canary-based detection and range/index checking.
  • D3-SFCV (Stack Frame Canary Validation) from D3FEND [REF-1334] discusses canary-based detection in detail.
Mitigation

Phase: Architecture and Design

Description:

  • Use an abstraction library to abstract away risky APIs. Not a complete solution.
Mitigation

Phase: Implementation

Description:

  • Implement and perform bounds checking on input.
Mitigation

Phase: Implementation

Description:

  • Do not use dangerous functions such as gets. Use safer, equivalent functions which check for boundary errors.
Mitigation ID: MIT-11

Phases: Operation, Build and Compilation

Strategy: Environment Hardening

Description:

  • Run or compile the software using features or extensions that randomly arrange the positions of a program's executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.
  • Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]. Imported modules may be similarly realigned if their default memory addresses conflict with other modules, in a process known as "rebasing" (for Windows) and "prelinking" (for Linux) [REF-1332] using randomly generated addresses. ASLR for libraries cannot be used in conjunction with prelink since it would require relocating the libraries at run-time, defeating the whole purpose of prelinking.
  • For more information on these techniques see D3-SAOR (Segment Address Offset Randomization) from D3FEND [REF-1335].

No CAPEC attack patterns related to this CWE.

Back to CWE stats page