{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1951", "assignerOrgId": "759f5e80-c8e1-4224-bead-956d7b33c98b", "state": "PUBLISHED", "assignerShortName": "Deltaww", "dateReserved": "2026-02-05T05:43:01.572Z", "datePublished": "2026-04-24T06:13:35.539Z", "dateUpdated": "2026-04-24T13:08:01.910Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "759f5e80-c8e1-4224-bead-956d7b33c98b", "shortName": "Deltaww", "dateUpdated": "2026-04-24T06:13:35.539Z"}, "title": "No checking of the length of the buffer with the directory name in AS320T", "datePublic": "2026-04-24T05:26:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100: Overflow Buffers"}]}], "affected": [{"vendor": "DeltaWW", "product": "AS320T", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "1.10", "versionType": "custom"}], "defaultStatus": "unaffected"}], "cpeApplicability": [{"operator": "OR", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:deltaww:as320t:*:*:*:*:*:*:*:*", "versionStartIncluding": "0", "versionEndIncluding": "1.10"}]}]}], "descriptions": [{"lang": "en", "value": "Delta Electronics AS320T has no checking of the length of the buffer with the directory name\n\n vulnerability.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Delta Electronics AS320T has no checking of the length of the buffer with the directory name\n\n vulnerability."}]}], "references": [{"url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2026-00006_AS320T%20Multiple%20vulnerabilities%20(CVE-2026-1949,%201950,%201951,%201952).pdf"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "CRITICAL", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}], "solutions": [{"lang": "en", "value": "Upgrade firmware to v1.12 or later", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Upgrade firmware to v1.12 or later<br>"}]}], "credits": [{"lang": "en", "value": "Sergey Fedonin and Ivan Kurnakov (Positive Technologies)", "type": "reporter"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-24T13:07:44.270512Z", "id": "CVE-2026-1951", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-24T13:08:01.910Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-1951", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-24T13:07:44.270512Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-24T13:07:57.244Z"}}], "cna": {"title": "No checking of the length of the buffer with the directory name in AS320T", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "reporter", "value": "Sergey Fedonin and Ivan Kurnakov (Positive Technologies)"}], "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100: Overflow Buffers"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "DeltaWW", "product": "AS320T", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.10"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade firmware to v1.12 or later", "supportingMedia": [{"type": "text/html", "value": "Upgrade firmware to v1.12 or later<br>", "base64": false}]}], "datePublic": "2026-04-24T05:26:00.000Z", "references": [{"url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2026-00006_AS320T%20Multiple%20vulnerabilities%20(CVE-2026-1949,%201950,%201951,%201952).pdf"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Delta Electronics AS320T has no checking of the length of the buffer with the directory name\n\n vulnerability.", "supportingMedia": [{"type": "text/html", "value": "Delta Electronics AS320T has no checking of the length of the buffer with the directory name\n\n vulnerability.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:deltaww:as320t:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "1.10", "versionStartIncluding": "0"}], "operator": "OR"}], "operator": "OR"}], "providerMetadata": {"orgId": "759f5e80-c8e1-4224-bead-956d7b33c98b", "shortName": "Deltaww", "dateUpdated": "2026-04-24T06:13:35.539Z"}}}, "cveMetadata": {"cveId": "CVE-2026-1951", "state": "PUBLISHED", "dateUpdated": "2026-04-24T13:08:01.910Z", "dateReserved": "2026-02-05T05:43:01.572Z", "assignerOrgId": "759f5e80-c8e1-4224-bead-956d7b33c98b", "datePublished": "2026-04-24T06:13:35.539Z", "assignerShortName": "Deltaww"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:deltaww:as320t_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4A7A1AC8-9920-4CA3-8B25-6DC5E20AFCDD", "versionEndExcluding": "1.12", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:deltaww:as320t:-:*:*:*:*:*:*:*", "matchCriteriaId": "207554E0-1FF1-4F4A-AE19-C8F77D3A38D9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Delta Electronics AS320T has no checking of the length of the buffer with the directory name\n\n vulnerability."}], "id": "CVE-2026-1951", "lastModified": "2026-05-11T17:42:30.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "759f5e80-c8e1-4224-bead-956d7b33c98b", "type": "Secondary"}]}, "published": "2026-04-24T07:16:09.520", "references": [{"source": "759f5e80-c8e1-4224-bead-956d7b33c98b", "tags": ["Vendor Advisory"], "url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2026-00006_AS320T%20Multiple%20vulnerabilities%20(CVE-2026-1949,%201950,%201951,%201952).pdf"}], "sourceIdentifier": "759f5e80-c8e1-4224-bead-956d7b33c98b", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-121"}], "source": "759f5e80-c8e1-4224-bead-956d7b33c98b", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,1.10]"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "AS320T", "source": "cna", "vendor": "DeltaWW"}, "product": "as320t", "vendor": "deltaww"}], "analysis": {"en": {"generated_at": "2026-04-28T20:23:54.152243+00:00", "value": {"mitigation_remediation": ["Upgrade the device firmware to version 1.12 or later as recommended by Delta Electronics.", "If an upgrade cannot be performed immediately, restrict access to the management interfaces or block traffic that could carry the vulnerable directory name input (e.g., via firewall rules).", "Implement network segmentation and disable unnecessary services to minimize exposure to the vulnerable interface."], "summary": {"action": "Immediate Patch", "impact": "Potential for arbitrary code execution via stack-based buffer overflow"}, "threat_synthesis": {"affected_systems": "Delta Electronics AS320T network device, firmware versions prior to 1.12. The vendor lists the affected product as DeltaWW:AS320T; all releases before 1.12 are impacted.", "description_and_impact": "The vulnerability arises from a missing check on the length of the buffer that stores a directory name. This omission can lead to a stack\u2011based buffer overflow (CWE\u2011121) if an attacker supplies an overly long directory name. Although the description does not explicitly detail the consequences, a typical overflow can overwrite return addresses or other control data, giving the attacker the possibility to execute arbitrary code on the device. The impact therefore includes potential compromise of the device\u2019s confidentiality, integrity, and availability.", "risk_and_exploitability": "The CVSS score of 9.8 indicates high severity. The EPSS score of less than 1% indicates a very low likelihood of exploitation at present. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the most likely attack vector would be through any interface that accepts directory names (e.g., file management or network interface) and could be remote if the device is exposed; however, the exact path is not specified."}}}}, "created": "2026-04-28T03:15:05.355292+00:00", "updated": "2026-04-28T20:30:06.187763+00:00", "vendors": ["deltaww", "deltaww$PRODUCT$as320t"]}