Common Weakness Enumeration

CWE-121

Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

CVE-2026-22319 (GCVE-0-2026-22319)

Vulnerability from cvelistv5 – Published: 2026-03-18 07:34 – Updated: 2026-03-18 13:39
Title: Stack-Based Buffer Overflow in File Install Parameter Handling
Summary: A stack-based buffer overflow in the device's file installation workflow allows a high-privileged attacker to send oversized POST parameters that overflow a fixed-size stack buffer within an internal process, resulting in a DoS attack.
SSVC: Exploitation: none; Automatable: no; Technical Impact: partial (CISA Coordinator, v2.0.3)
CWE: CWE-121 - Stack-based Buffer Overflow
Impacted products
Vendor | Product | Version
Phoenix Contact | FL SWITCH 2005 | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL SWITCH 2008 | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL SWITCH 2016 | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL SWITCH 2105 | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL SWITCH 2108 | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL SWITCH 2116 | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL SWITCH 2204-2TC-2SFX | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL SWITCH 2205 | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL SWITCH 2206-2FX | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL SWITCH 2206-2FX SM | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL SWITCH 2206-2FX SM ST | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL SWITCH 2206-2FX ST | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL SWITCH 2206-2SFX | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL SWITCH 2206-2SFX PN | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL SWITCH 2206C-2FX | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL SWITCH 2207-FX | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL SWITCH 2207-FX SM | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL SWITCH 2208 | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL SWITCH 2208 PN | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL SWITCH 2208C | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL SWITCH 2212-2TC-2SFX | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL SWITCH 2214-2FX | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL SWITCH 2214-2FX SM | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL SWITCH 2214-2SFX | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL SWITCH 2214-2SFX PN | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL SWITCH 2216 | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL SWITCH 2216 PN | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL SWITCH 2304-2GC-2SFP | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL SWITCH 2306-2SFP | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL SWITCH 2306-2SFP PN | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL SWITCH 2308 | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL SWITCH 2308 PN | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL SWITCH 2312-2GC-2SFP | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL SWITCH 2314-2SFP | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL SWITCH 2314-2SFP PN | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL SWITCH 2316 | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL SWITCH 2316 PN | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL SWITCH 2404-2TC-2SFX | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL SWITCH 2406-2SFX | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL SWITCH 2406-2SFX PN | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL SWITCH 2408 | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL SWITCH 2408 PN | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL SWITCH 2412-2TC-2SFX | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL SWITCH 2414-2SFX | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL SWITCH 2414-2SFX PN | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL SWITCH 2416 | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL SWITCH 2416 PN | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL SWITCH 2504-2GC-2SFP | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL SWITCH 2506-2SFP | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL SWITCH 2506-2SFP PN | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL SWITCH 2508 | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL SWITCH 2508 PN | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL SWITCH 2512-2GC-2SFP | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL SWITCH 2514-2SFP | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL SWITCH 2514-2SFP PN | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL SWITCH 2516 | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL SWITCH 2516 PN | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL SWITCH 2608 | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL SWITCH 2608 PN | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL SWITCH 2708 | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL SWITCH 2708 PN | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL SWITCH 2303-8SP1 | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL NAT 2008 | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL NAT 2208 | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL NAT 2304-2GC-2SFP | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL SWITCH 2008F | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL SWITCH 2316/K1 | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL SWITCH 2506-2SFP/K1 | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL SWITCH 2508/K1 | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL SWITCH TSN 2316 | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL SWITCH TSN 2312-2GC-2SFP | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL SWITCH TSN 2314-2SFP | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL SWITCH 5924-4GC | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL SWITCH 5916-8GC-4SFP+ | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL SWITCH 5924SFP-4GC | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL SWITCH 5924-4SFP+ | Affected: 0.0.0, < 3.53 (semver)
Phoenix Contact | FL SWITCH 5916SFP-8GC-4SFP+ | Affected: 0.0.0, < 3.53 (semver)
Credits
Gabriele Quagliarella from Nozomi Networks

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-22319",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-18T13:34:43.330197Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-18T13:39:18.119Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2005",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2008",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2016",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2105",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2108",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2116",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2204-2TC-2SFX",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2205",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2206-2FX",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2206-2FX SM",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2206-2FX SM ST",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2206-2FX ST",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2206-2SFX",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2206-2SFX PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2206C-2FX",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2207-FX",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2207-FX SM",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2208",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2208 PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2208C",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2212-2TC-2SFX",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2214-2FX",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2214-2FX SM",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2214-2SFX",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2214-2SFX PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2216",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2216 PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2304-2GC-2SFP",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2306-2SFP",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2306-2SFP PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2308",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2308 PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2312-2GC-2SFP",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2314-2SFP",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2314-2SFP PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2316",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2316 PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2404-2TC-2SFX",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2406-2SFX",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2406-2SFX PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2408",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2408 PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2412-2TC-2SFX",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2414-2SFX",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2414-2SFX PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2416",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2416 PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2504-2GC-2SFP",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2506-2SFP",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2506-2SFP PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2508",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2508 PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2512-2GC-2SFP",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2514-2SFP",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2514-2SFP PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2516",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2516 PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2608",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2608 PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2708",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2708 PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2303-8SP1",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL NAT 2008",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL NAT 2208",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL NAT 2304-2GC-2SFP",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2008F",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2316/K1",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2506-2SFP/K1",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2508/K1",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH TSN 2316",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH TSN 2312-2GC-2SFP",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH TSN 2314-2SFP",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 5924-4GC",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 5916-8GC-4SFP+",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 5924SFP-4GC",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 5924-4SFP+",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 5916SFP-8GC-4SFP+",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Gabriele Quagliarella from Nozomi Networks"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A stack-based buffer overflow in the device\u0027s file installation workflow allows a high-privileged attacker to send oversized POST parameters that overflow a fixed-size stack buffer within an internal process, resulting in a DoS attack.\u003cbr\u003e"
            }
          ],
          "value": "A stack-based buffer overflow in the device\u0027s file installation workflow allows a high-privileged attacker to send oversized POST parameters that overflow a fixed-size stack buffer within an internal process, resulting in a DoS attack."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121 Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-18T07:34:07.998Z",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "url": "https://certvde.com/de/advisories/VDE-2025-104"
        }
      ],
      "source": {
        "advisory": "VDE-2025-104",
        "defect": [
          "CERT@VDE#641898"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Stack-Based Buffer Overflow in File Install Parameter Handling",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2026-22319",
    "datePublished": "2026-03-18T07:34:07.998Z",
    "dateReserved": "2026-01-07T11:49:15.178Z",
    "dateUpdated": "2026-03-18T13:39:18.119Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-22320 (GCVE-0-2026-22320)

Vulnerability from cvelistv5 – Published: 2026-03-18 07:34 – Updated: 2026-03-18 13:33
Title
Stack-Based Buffer Overflow in TFTP File-Transfer Command Handling over CLI
Summary
A stack-based buffer overflow in the CLI's TFTP file‑transfer command handling allows a low-privileged attacker with Telnet/SSH access to trigger memory corruption by supplying unexpected or oversized filename input. Exploitation results in the corruption of the internal buffer, causing the CLI and web dashboard to become unavailable and leading to a denial of service.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
Vendor Product Version
Phoenix Contact FL SWITCH 2005 Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2008 Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2016 Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2105 Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2108 Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2116 Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2204-2TC-2SFX Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2205 Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2206-2FX Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2206-2FX SM Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2206-2FX SM ST Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2206-2FX ST Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2206-2SFX Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2206-2SFX PN Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2206C-2FX Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2207-FX Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2207-FX SM Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2208 Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2208 PN Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2208C Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2212-2TC-2SFX Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2214-2FX Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2214-2FX SM Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2214-2SFX Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2214-2SFX PN Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2216 Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2216 PN Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2304-2GC-2SFP Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2306-2SFP Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2306-2SFP PN Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2308 Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2308 PN Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2312-2GC-2SFP Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2314-2SFP Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2314-2SFP PN Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2316 Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2316 PN Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2404-2TC-2SFX Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2406-2SFX Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2406-2SFX PN Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2408 Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2408 PN Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2412-2TC-2SFX Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2414-2SFX Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2414-2SFX PN Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2416 Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2416 PN Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2504-2GC-2SFP Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2506-2SFP Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2506-2SFP PN Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2508 Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2508 PN Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2512-2GC-2SFP Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2514-2SFP Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2514-2SFP PN Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2516 Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2516 PN Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2608 Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2608 PN Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2708 Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2708 PN Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2303-8SP1 Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL NAT 2008 Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL NAT 2208 Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL NAT 2304-2GC-2SFP Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2008F Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2316/K1 Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2506-2SFP/K1 Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2508/K1 Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH TSN 2316 Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH TSN 2312-2GC-2SFP Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH TSN 2314-2SFP Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 5924-4GC Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 5916-8GC-4SFP+ Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 5924SFP-4GC Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 5924-4SFP+ Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 5916SFP-8GC-4SFP+ Affected: 0.0.0 , < 3.53 (semver)
Credits
Gabriele Quagliarella from Nozomi Networks

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-22320",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-18T13:33:19.219623Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-18T13:33:41.112Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2005",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2008",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2016",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2105",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2108",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2116",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2204-2TC-2SFX",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2205",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2206-2FX",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2206-2FX SM",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2206-2FX SM ST",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2206-2FX ST",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2206-2SFX",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2206-2SFX PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2206C-2FX",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2207-FX",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2207-FX SM",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2208",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2208 PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2208C",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2212-2TC-2SFX",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2214-2FX",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2214-2FX SM",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2214-2SFX",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2214-2SFX PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2216",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2216 PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2304-2GC-2SFP",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2306-2SFP",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2306-2SFP PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2308",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2308 PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2312-2GC-2SFP",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2314-2SFP",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2314-2SFP PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2316",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2316 PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2404-2TC-2SFX",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2406-2SFX",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2406-2SFX PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2408",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2408 PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2412-2TC-2SFX",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2414-2SFX",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2414-2SFX PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2416",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2416 PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2504-2GC-2SFP",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2506-2SFP",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2506-2SFP PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2508",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2508 PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2512-2GC-2SFP",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2514-2SFP",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2514-2SFP PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2516",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2516 PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2608",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2608 PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2708",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2708 PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2303-8SP1",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL NAT 2008",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL NAT 2208",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL NAT 2304-2GC-2SFP",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2008F",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2316/K1",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2506-2SFP/K1",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2508/K1",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH TSN 2316",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH TSN 2312-2GC-2SFP",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH TSN 2314-2SFP",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 5924-4GC",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 5916-8GC-4SFP+",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 5924SFP-4GC",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 5924-4SFP+",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 5916SFP-8GC-4SFP+",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Gabriele Quagliarella from Nozomi Networks"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A stack-based buffer overflow in the CLI\u0027s TFTP file\u2011transfer command handling allows a low-privileged attacker with Telnet/SSH access to trigger memory corruption by supplying unexpected or oversized filename input. Exploitation results in the corruption of the internal buffer, causing the CLI and web dashboard to become unavailable and leading to a denial of service.\u003cbr\u003e"
            }
          ],
          "value": "A stack-based buffer overflow in the CLI\u0027s TFTP file\u2011transfer command handling allows a low-privileged attacker with Telnet/SSH access to trigger memory corruption by supplying unexpected or oversized filename input. Exploitation results in the corruption of the internal buffer, causing the CLI and web dashboard to become unavailable and leading to a denial of service."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121 Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-18T07:34:23.026Z",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "url": "https://certvde.com/de/advisories/VDE-2025-104"
        }
      ],
      "source": {
        "advisory": "VDE-2025-104",
        "defect": [
          "CERT@VDE#641898"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Stack-Based Buffer Overflow in TFTP File-Transfer Command Handling over CLI",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2026-22320",
    "datePublished": "2026-03-18T07:34:23.026Z",
    "dateReserved": "2026-01-07T11:49:15.178Z",
    "dateUpdated": "2026-03-18T13:33:41.112Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-22321 (GCVE-0-2026-22321)

Vulnerability from cvelistv5 – Published: 2026-03-18 07:34 – Updated: 2026-03-18 13:32
VLAI
Title
Stack-Based Buffer Overflow in CLI Login Username Handling over CLI
Summary
A stack-based buffer overflow in the device's Telnet/SSH CLI login routine occurs when an unauthenticated attacker sends an oversized or unexpected username input. An overflow condition crashes the thread handling the login attempt, forcing the session to close. Because other CLI sessions remain unaffected, the impact is limited to a low‑severity availability disruption.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
Vendor Product Version
Phoenix Contact FL SWITCH 2005 Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2008 Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2016 Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2105 Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2108 Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2116 Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2204-2TC-2SFX Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2205 Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2206-2FX Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2206-2FX SM Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2206-2FX SM ST Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2206-2FX ST Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2206-2SFX Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2206-2SFX PN Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2206C-2FX Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2207-FX Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2207-FX SM Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2208 Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2208 PN Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2208C Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2212-2TC-2SFX Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2214-2FX Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2214-2FX SM Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2214-2SFX Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2214-2SFX PN Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2216 Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2216 PN Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2304-2GC-2SFP Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2306-2SFP Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2306-2SFP PN Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2308 Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2308 PN Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2312-2GC-2SFP Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2314-2SFP Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2314-2SFP PN Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2316 Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2316 PN Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2404-2TC-2SFX Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2406-2SFX Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2406-2SFX PN Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2408 Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2408 PN Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2412-2TC-2SFX Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2414-2SFX Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2414-2SFX PN Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2416 Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2416 PN Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2504-2GC-2SFP Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2506-2SFP Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2506-2SFP PN Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2508 Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2508 PN Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2512-2GC-2SFP Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2514-2SFP Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2514-2SFP PN Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2516 Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2516 PN Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2608 Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2608 PN Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2708 Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2708 PN Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2303-8SP1 Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL NAT 2008 Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL NAT 2208 Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL NAT 2304-2GC-2SFP Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2008F Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2316/K1 Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2506-2SFP/K1 Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 2508/K1 Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH TSN 2316 Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH TSN 2312-2GC-2SFP Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH TSN 2314-2SFP Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 5924-4GC Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 5916-8GC-4SFP+ Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 5924SFP-4GC Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 5924-4SFP+ Affected: 0.0.0 , < 3.53 (semver)
Phoenix Contact FL SWITCH 5916SFP-8GC-4SFP+ Affected: 0.0.0 , < 3.53 (semver)
Credits
Gabriele Quagliarella from Nozomi Networks

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-22321",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-18T13:32:15.348977Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-18T13:32:24.892Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2005",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2008",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2016",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2105",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2108",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2116",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2204-2TC-2SFX",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2205",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2206-2FX",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2206-2FX SM",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2206-2FX SM ST",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2206-2FX ST",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2206-2SFX",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2206-2SFX PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2206C-2FX",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2207-FX",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2207-FX SM",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2208",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2208 PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2208C",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2212-2TC-2SFX",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2214-2FX",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2214-2FX SM",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2214-2SFX",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2214-2SFX PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2216",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2216 PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2304-2GC-2SFP",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2306-2SFP",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2306-2SFP PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2308",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2308 PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2312-2GC-2SFP",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2314-2SFP",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2314-2SFP PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2316",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2316 PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2404-2TC-2SFX",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2406-2SFX",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2406-2SFX PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2408",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2408 PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2412-2TC-2SFX",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2414-2SFX",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2414-2SFX PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2416",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2416 PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2504-2GC-2SFP",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2506-2SFP",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2506-2SFP PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2508",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2508 PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2512-2GC-2SFP",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2514-2SFP",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2514-2SFP PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2516",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2516 PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2608",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2608 PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2708",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2708 PN",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2303-8SP1",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL NAT 2008",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL NAT 2208",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL NAT 2304-2GC-2SFP",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2008F",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2316/K1",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2506-2SFP/K1",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 2508/K1",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH TSN 2316",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH TSN 2312-2GC-2SFP",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH TSN 2314-2SFP",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 5924-4GC",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 5916-8GC-4SFP+",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 5924SFP-4GC",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 5924-4SFP+",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL SWITCH 5916SFP-8GC-4SFP+",
          "vendor": "Phoenix Contact",
          "versions": [
            {
              "lessThan": "3.53",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Gabriele Quagliarella from Nozomi Networks"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A stack-based buffer overflow in the device\u0027s Telnet/SSH CLI login routine occurs when a unauthenticated attacker send an oversized or unexpected username input. An overflow condition crashes the thread handling the login attempt, forcing the session to close. Because other CLI sessions remain unaffected, the impact is limited to a low\u2011severity availability disruption.\u003cbr\u003e"
            }
          ],
          "value": "A stack-based buffer overflow in the device\u0027s Telnet/SSH CLI login routine occurs when a unauthenticated attacker send an oversized or unexpected username input. An overflow condition crashes the thread handling the login attempt, forcing the session to close. Because other CLI sessions remain unaffected, the impact is limited to a low\u2011severity availability disruption."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121 Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-18T07:34:36.289Z",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "url": "https://certvde.com/de/advisories/VDE-2025-104"
        }
      ],
      "source": {
        "advisory": "VDE-2025-104",
        "defect": [
          "CERT@VDE#641898"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Stack-Based Buffer Overflow in CLI Login Username Handling over CLI",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2026-22321",
    "datePublished": "2026-03-18T07:34:36.289Z",
    "dateReserved": "2026-01-07T11:49:15.178Z",
    "dateUpdated": "2026-03-18T13:32:24.892Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-22790 (GCVE-0-2026-22790)

Vulnerability from cvelistv5 – Published: 2026-03-26 14:31 – Updated: 2026-03-26 15:19
Title
EVerest's unchecked SLAC payload length causes stack overflow in HomeplugMessage::setup_payload
Summary
EVerest is an EV charging software stack. Prior to version 2026.02.0, `HomeplugMessage::setup_payload` trusts `len` after an `assert`; in release builds the check is removed, so oversized SLAC payloads are `memcpy`'d into a ~1497-byte stack buffer, corrupting the stack and enabling remote code execution from network-provided frames. Version 2026.02.0 contains a patch.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
Vendor Product Version
EVerest everest-core Affected: < 2026.02.0

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-22790",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-26T15:19:32.904960Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-26T15:19:36.246Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/EVerest/EVerest/security/advisories/GHSA-wh8w-7cfc-gq7m"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "everest-core",
          "vendor": "EVerest",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2026.02.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "EVerest is an EV charging software stack. Prior to version 2026.02.0, `HomeplugMessage::setup_payload` trusts `len` after an `assert`; in release builds the check is removed, so oversized SLAC payloads are `memcpy`\u0027d into a ~1497-byte stack buffer, corrupting the stack and enabling remote code execution from network-provided frames. Version 2026.02.0 contains a patch."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121: Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-26T14:31:44.486Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/EVerest/EVerest/security/advisories/GHSA-wh8w-7cfc-gq7m",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/EVerest/EVerest/security/advisories/GHSA-wh8w-7cfc-gq7m"
        }
      ],
      "source": {
        "advisory": "GHSA-wh8w-7cfc-gq7m",
        "discovery": "UNKNOWN"
      },
      "title": "EVerest\u0027s unchecked SLAC payload length causes stack overflow in HomeplugMessage::setup_payload"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-22790",
    "datePublished": "2026-03-26T14:31:44.486Z",
    "dateReserved": "2026-01-09T18:27:19.388Z",
    "dateUpdated": "2026-03-26T15:19:36.246Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-22903 (GCVE-0-2026-22903)

Vulnerability from cvelistv5 – Published: 2026-02-09 07:39 – Updated: 2026-02-09 15:36
Title
Stack Overflow via SESSIONID Cookie in lighttpd
Summary
An unauthenticated remote attacker can send a crafted HTTP request containing an overly long SESSIONID cookie. This can trigger a stack buffer overflow in the modified lighttpd server, causing it to crash and potentially enabling remote code execution due to missing stack protections.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
Credits
Diconium

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-22903",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-09T15:36:08.801691Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-09T15:36:36.790Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "0852-1322",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThanOrEqual": "2.64",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "0852-1328",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThanOrEqual": "2.64",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "0852-1322",
          "vendor": "WAGO",
          "versions": [
            {
              "status": "affected",
              "version": "2.64"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "0852-1328",
          "vendor": "WAGO",
          "versions": [
            {
              "status": "affected",
              "version": "2.64"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Diconium"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An unauthenticated remote attacker can send a crafted HTTP request containing an overly long SESSIONID cookie. This can trigger a stack buffer overflow in the modified lighttpd server, causing it to crash and potentially enabling remote code execution due to missing stack protections.\u003cbr\u003e"
            }
          ],
          "value": "An unauthenticated remote attacker can send a crafted HTTP request containing an overly long SESSIONID cookie. This can trigger a stack buffer overflow in the modified lighttpd server, causing it to crash and potentially enabling remote code execution due to missing stack protections."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121 Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-09T07:39:42.537Z",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "url": "https://certvde.com/de/advisories/VDE-2026-004"
        }
      ],
      "source": {
        "advisory": "VDE-2026-004",
        "defect": [
          "CERT@VDE#641934"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Stack Overflow via SESSIONID Cookie in lighttpd",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2026-22903",
    "datePublished": "2026-02-09T07:39:42.537Z",
    "dateReserved": "2026-01-13T08:33:25.683Z",
    "dateUpdated": "2026-02-09T15:36:36.790Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-22904 (GCVE-0-2026-22904)

Vulnerability from cvelistv5 – Published: 2026-02-09 07:40 – Updated: 2026-02-09 15:34
Title
Stack Overflow via Oversized Cookie Fields in lighttpd
Summary
Improper length handling when parsing multiple cookie fields (including TRACKID) allows an unauthenticated remote attacker to send oversized cookie values and trigger a stack buffer overflow, resulting in a denial‑of‑service condition and possible remote code execution.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
Credits
Diconium

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-22904",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-09T15:34:33.982565Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-09T15:34:53.334Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "0852-1322",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThanOrEqual": "2.64",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "0852-1328",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThanOrEqual": "2.64",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "0852-1322",
          "vendor": "WAGO",
          "versions": [
            {
              "status": "affected",
              "version": "2.64"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "0852-1328",
          "vendor": "WAGO",
          "versions": [
            {
              "status": "affected",
              "version": "2.64"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Diconium"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper length handling when parsing multiple cookie fields (including TRACKID) allows an unauthenticated remote attacker to send oversized cookie values and trigger a stack buffer overflow, resulting in a denial\u2011of\u2011service condition and possible remote code execution.\u003cbr\u003e"
            }
          ],
          "value": "Improper length handling when parsing multiple cookie fields (including TRACKID) allows an unauthenticated remote attacker to send oversized cookie values and trigger a stack buffer overflow, resulting in a denial\u2011of\u2011service condition and possible remote code execution."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121 Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-09T07:40:00.484Z",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "url": "https://certvde.com/de/advisories/VDE-2026-004"
        }
      ],
      "source": {
        "advisory": "VDE-2026-004",
        "defect": [
          "CERT@VDE#641934"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Stack Overflow via Oversized Cookie Fields in lighttpd",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2026-22904",
    "datePublished": "2026-02-09T07:40:00.484Z",
    "dateReserved": "2026-01-13T08:33:25.683Z",
    "dateUpdated": "2026-02-09T15:34:53.334Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-22923 (GCVE-0-2026-22923)

Vulnerability from cvelistv5 – Published: 2026-02-10 09:58 – Updated: 2026-03-10 16:07
Summary
A vulnerability has been identified in NX (All versions < V2512), NX (Managed Mode) (All versions < V2512). The affected application contains a data validation vulnerability that could allow an attacker with local access to interfere with internal data during the PDF export process that could potentially lead to arbitrary code execution.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-121 - Stack-based Buffer Overflow
Assigner
Impacted products
Vendor Product Version
Siemens NX Affected: 0 , < V2512 (custom)
Siemens NX (Managed Mode) Affected: 0 , < V2512 (custom)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-22923",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-10T19:53:34.581103Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-10T19:53:42.229Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "NX",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2512",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "NX (Managed Mode)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2512",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in NX (All versions \u003c V2512), NX (Managed Mode) (All versions \u003c V2512). The affected application contains a data validation vulnerability that could allow an attacker with local access to interfere with internal data during the PDF export process that could potentially lead to arbitrary code execution."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        {
          "cvssV4_0": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121: Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-10T16:07:51.795Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-535115.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2026-22923",
    "datePublished": "2026-02-10T09:58:45.403Z",
    "dateReserved": "2026-01-13T15:21:45.768Z",
    "dateUpdated": "2026-03-10T16:07:51.795Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-2329 (GCVE-0-2026-2329)

Vulnerability from cvelistv5 – Published: 2026-02-18 14:08 – Updated: 2026-02-18 14:50
Title
Grandstream GXP1600 VoIP Phones - Unauthenticated stack buffer overflow
Summary
An unauthenticated stack-based buffer overflow vulnerability exists in the HTTP API endpoint /cgi-bin/api.values.get. A remote attacker can leverage this vulnerability to achieve unauthenticated remote code execution (RCE) with root privileges on a target device. The vulnerability affects all six device models in the series: GXP1610, GXP1615, GXP1620, GXP1625, GXP1628, and GXP1630.
SSVC
Exploitation: poc Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-121 - Stack-based Buffer Overflow
Assigner
Impacted products
Vendor Product Version
Grandstream GXP1610 Affected: 0 , ≤ 1.0.7.80 (semver)
Grandstream GXP1615 Affected: 0 , ≤ 1.0.7.80 (semver)
Grandstream GXP1620 Affected: 0 , ≤ 1.0.7.80 (semver)
Grandstream GXP1625 Affected: 0 , ≤ 1.0.7.80 (semver)
Grandstream GXP1628 Affected: 0 , ≤ 1.0.7.80 (semver)
Grandstream GXP1630 Affected: 0 , ≤ 1.0.7.80 (semver)
Date Public
2026-02-18 14:00
Credits
Stephen Fewer, Senior Principal Security Researcher at Rapid7

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-2329",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-18T14:50:26.406047Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-18T14:50:51.252Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "GXP1610",
          "vendor": "Grandstream",
          "versions": [
            {
              "lessThanOrEqual": "1.0.7.80",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "GXP1615",
          "vendor": "Grandstream",
          "versions": [
            {
              "lessThanOrEqual": "1.0.7.80",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "GXP1620",
          "vendor": "Grandstream",
          "versions": [
            {
              "lessThanOrEqual": "1.0.7.80",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "GXP1625",
          "vendor": "Grandstream",
          "versions": [
            {
              "lessThanOrEqual": "1.0.7.80",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "GXP1628",
          "vendor": "Grandstream",
          "versions": [
            {
              "lessThanOrEqual": "1.0.7.80",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "GXP1630",
          "vendor": "Grandstream",
          "versions": [
            {
              "lessThanOrEqual": "1.0.7.80",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Stephen Fewer, Senior Principal Security Researcher at Rapid7"
        }
      ],
      "datePublic": "2026-02-18T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An unauthenticated stack-based buffer overflow vulnerability exists in the HTTP API endpoint /cgi-bin/api.values.get. A remote attacker can leverage this vulnerability to achieve unauthenticated remote code execution (RCE) with root privileges on a target device. The vulnerability affects all six device models in the series: GXP1610, GXP1615, GXP1620, GXP1625, GXP1628, and GXP1630.\u003cbr\u003e"
            }
          ],
          "value": "An unauthenticated stack-based buffer overflow vulnerability exists in the HTTP API endpoint /cgi-bin/api.values.get. A remote attacker can leverage this vulnerability to achieve unauthenticated remote code execution (RCE) with root privileges on a target device. The vulnerability affects all six device models in the series: GXP1610, GXP1615, GXP1620, GXP1625, GXP1628, and GXP1630."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121 Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-18T14:08:09.272Z",
        "orgId": "9974b330-7714-4307-a722-5648477acda7",
        "shortName": "rapid7"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.rapid7.com/blog/post/ve-cve-2026-2329-critical-unauthenticated-stack-buffer-overflow-in-grandstream-gxp1600-voip-phones-fixed"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://psirt.grandstream.com/"
        },
        {
          "tags": [
            "release-notes"
          ],
          "url": "https://firmware.grandstream.com/Release_Note_GXP16xx_1.0.7.81.pdf"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/rapid7/metasploit-framework/pull/20983"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Grandstream GXP1600 VoIP Phones - Unauthenticated stack buffer overflow",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
    "assignerShortName": "rapid7",
    "cveId": "CVE-2026-2329",
    "datePublished": "2026-02-18T14:08:09.272Z",
    "dateReserved": "2026-02-11T09:26:52.179Z",
    "dateUpdated": "2026-02-18T14:50:51.252Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-23747 (GCVE-0-2026-23747)

Vulnerability from cvelistv5 – Published: 2026-02-26 17:30 – Updated: 2026-05-26 11:52
Title
Golioth Firmware SDK < 0.22.0 Payload Utils Stack-based Buffer Overflow
Summary
Golioth Firmware SDK version 0.10.0 prior to 0.22.0, fixed in commit 48f521b, contain a stack-based buffer overflow in Payload Utils. The golioth_payload_as_int() and golioth_payload_as_float() helpers copy network-supplied payload data into fixed-size stack buffers using memcpy() with a length derived from payload_size. The only length checks are guarded by assert(); in release builds, the asserts are compiled out and memcpy() may copy an unbounded payload_size. Payloads larger than 12 bytes (int) or 32 bytes (float) can overflow the stack, resulting in a crash/denial of service. This is reachable via LightDB State on_payload with a malicious server or MITM.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-121 - Stack-based Buffer Overflow
Assigner
Impacted products
Vendor Product Version
Golioth Firmware SDK Affected: 0.10.0 , < 0.22.0 (semver)
Unaffected: 48f521bcc0187ada2b9cbdad31dc380e6c7b7332 (git)
Credits
SecMate (https://secmate.dev)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-23747",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-27T16:07:17.351702Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-27T16:07:30.232Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Firmware SDK",
          "repo": "https://github.com/golioth/golioth-firmware-sdk",
          "vendor": "Golioth",
          "versions": [
            {
              "lessThan": "0.22.0",
              "status": "affected",
              "version": "0.10.0",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "48f521bcc0187ada2b9cbdad31dc380e6c7b7332",
              "versionType": "git"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "SecMate (https://secmate.dev)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Golioth Firmware SDK version 0.10.0 prior to 0.22.0, fixed in commit\u0026nbsp;48f521b, contain a stack-based buffer overflow in Payload Utils. The golioth_payload_as_int() and golioth_payload_as_float() helpers copy network-supplied payload data into fixed-size stack buffers using memcpy() with a length derived from payload_size. The only length checks are guarded by assert(); in release builds, the asserts are compiled out and memcpy() may copy an unbounded payload_size. Payloads larger than 12 bytes (int) or 32 bytes (float) can overflow the stack, resulting in a crash/denial of service. This is reachable via LightDB State on_payload with a malicious server or MITM."
            }
          ],
          "value": "Golioth Firmware SDK version 0.10.0 prior to 0.22.0, fixed in commit\u00a048f521b, contain a stack-based buffer overflow in Payload Utils. The golioth_payload_as_int() and golioth_payload_as_float() helpers copy network-supplied payload data into fixed-size stack buffers using memcpy() with a length derived from payload_size. The only length checks are guarded by assert(); in release builds, the asserts are compiled out and memcpy() may copy an unbounded payload_size. Payloads larger than 12 bytes (int) or 32 bytes (float) can overflow the stack, resulting in a crash/denial of service. This is reachable via LightDB State on_payload with a malicious server or MITM."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121 Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-26T11:52:04.158Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "tags": [
            "technical-description"
          ],
          "url": "https://secmate.dev/disclosures/SECMATE-2025-0015"
        },
        {
          "tags": [
            "technical-description",
            "exploit"
          ],
          "url": "https://blog.secmate.dev/posts/golioth-vulnerabilities-disclosure/"
        },
        {
          "tags": [
            "release-notes"
          ],
          "url": "https://github.com/golioth/golioth-firmware-sdk/releases/tag/v0.22.0"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/golioth/golioth-firmware-sdk/commit/48f521bcc0187ada2b9cbdad31dc380e6c7b7332"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/golioth-firmware-sdk-payload-utils-stack-based-buffer-overflow"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Golioth Firmware SDK \u003c 0.22.0 Payload Utils Stack-based Buffer Overflow",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2026-23747",
    "datePublished": "2026-02-26T17:30:13.495Z",
    "dateReserved": "2026-01-15T18:42:20.937Z",
    "dateUpdated": "2026-05-26T11:52:04.158Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-23995 (GCVE-0-2026-23995)

Vulnerability from cvelistv5 – Published: 2026-03-26 14:36 – Updated: 2026-03-26 18:48
Title
EVerest has stack buffer overflow in ifreq.ifr_name when interface name exceeds IFNAMSIZ
Summary
EVerest is an EV charging software stack. Prior to version 2026.02.0, stack-based buffer overflow in CAN interface initialization: passing an interface name longer than IFNAMSIZ (16) to CAN open routines overflows `ifreq.ifr_name`, corrupting adjacent stack data and enabling potential code execution. A malicious or misconfigured interface name can trigger this before any privilege checks. Version 2026.02.0 contains a patch.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
Vendor Product Version
EVerest everest-core Affected: < 2026.02.0

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-23995",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-26T18:48:18.083239Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-26T18:48:26.145Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "everest-core",
          "vendor": "EVerest",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2026.02.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "EVerest is an EV charging software stack. Prior to version 2026.02.0, stack-based buffer overflow in CAN interface initialization: passing an interface name longer than IFNAMSIZ (16) to CAN open routines overflows `ifreq.ifr_name`, corrupting adjacent stack data and enabling potential code execution. A malicious or misconfigured interface name can trigger this before any privilege checks. Version 2026.02.0 contains a patch."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121: Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-26T14:36:30.551Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/EVerest/EVerest/security/advisories/GHSA-p47c-2jpr-mpwx",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/EVerest/EVerest/security/advisories/GHSA-p47c-2jpr-mpwx"
        }
      ],
      "source": {
        "advisory": "GHSA-p47c-2jpr-mpwx",
        "discovery": "UNKNOWN"
      },
      "title": "EVerest has stack buffer overflow in ifreq.ifr_name when interface name exceeds IFNAMSIZ"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-23995",
    "datePublished": "2026-03-26T14:36:30.551Z",
    "dateReserved": "2026-01-19T18:49:20.658Z",
    "dateUpdated": "2026-03-26T18:48:26.145Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Mitigation ID: MIT-10

Phases: Operation, Build and Compilation

Strategy: Environment Hardening

Description:

  • Use automatic buffer overflow detection mechanisms that are offered by certain compilers or compiler extensions. Examples include: the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice, which provide various mechanisms including canary-based detection and range/index checking.
  • D3-SFCV (Stack Frame Canary Validation) from D3FEND [REF-1334] discusses canary-based detection in detail.

Mitigation

Phase: Architecture and Design

Description:

  • Use an abstraction library to abstract away risky APIs. Not a complete solution.

Mitigation

Phase: Implementation

Description:

  • Implement and perform bounds checking on input.

Mitigation

Phase: Implementation

Description:

  • Do not use dangerous functions such as gets. Use safer, equivalent functions which check for boundary errors.

Mitigation ID: MIT-11

Phases: Operation, Build and Compilation

Strategy: Environment Hardening

Description:

  • Run or compile the software using features or extensions that randomly arrange the positions of a program's executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.
  • Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]. Imported modules may be similarly realigned if their default memory addresses conflict with other modules, in a process known as "rebasing" (for Windows) and "prelinking" (for Linux) [REF-1332] using randomly generated addresses. ASLR for libraries cannot be used in conjunction with prelink since it would require relocating the libraries at run-time, defeating the whole purpose of prelinking.
  • For more information on these techniques see D3-SAOR (Segment Address Offset Randomization) from D3FEND [REF-1335].

No CAPEC attack patterns related to this CWE.
