{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1952", "assignerOrgId": "759f5e80-c8e1-4224-bead-956d7b33c98b", "state": "PUBLISHED", "assignerShortName": "Deltaww", "dateReserved": "2026-02-05T05:43:02.712Z", "datePublished": "2026-04-24T06:08:58.826Z", "dateUpdated": "2026-04-24T15:26:08.538Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "759f5e80-c8e1-4224-bead-956d7b33c98b", "shortName": "Deltaww", "dateUpdated": "2026-04-24T06:08:58.826Z"}, "title": "Denial of service via the undocumented subfunction in AS320T", "datePublic": "2026-04-24T05:26:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-912", "description": "CWE-912 Hidden Functionality", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-125", "descriptions": [{"lang": "en", "value": "CAPEC-125: Flooding"}]}], "affected": [{"vendor": "DeltaWW", "product": "AS320T", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "1.14", "versionType": "custom"}], "defaultStatus": "unaffected"}], "cpeApplicability": [{"operator": "OR", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:deltaww:as320t:*:*:*:*:*:*:*:*", "versionStartIncluding": "0", "versionEndIncluding": "1.14"}]}]}], "descriptions": [{"lang": "en", "value": "Delta Electronics AS320T has denial of service via the undocumented subfunction\u00a0vulnerability.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Delta Electronics AS320T has denial of service via the undocumented subfunction&nbsp;vulnerability."}]}], "references": [{"url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2026-00006_AS320T%20Multiple%20vulnerabilities%20(CVE-2026-1949,%201950,%201951,%201952).pdf"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "CRITICAL", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}], "solutions": [{"lang": "en", "value": "Upgrade firmware to v1.16 or later", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Upgrade firmware to v1.16 or later<br>"}]}], "credits": [{"lang": "en", "value": "Sergey Fedonin and Ivan Kurnakov (Positive Technologies)", "type": "reporter"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-24T15:25:54.104259Z", "id": "CVE-2026-1952", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-24T15:26:08.538Z"}}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:deltaww:as320t_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "BC2A0FA6-0941-49B4-BBDD-D4D7E886D4E6", "versionEndExcluding": "1.16", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:deltaww:as320t:-:*:*:*:*:*:*:*", "matchCriteriaId": "207554E0-1FF1-4F4A-AE19-C8F77D3A38D9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Delta Electronics AS320T has denial of service via the undocumented subfunction\u00a0vulnerability."}], "id": "CVE-2026-1952", "lastModified": "2026-05-11T17:42:47.270", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "759f5e80-c8e1-4224-bead-956d7b33c98b", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-04-24T07:16:09.627", "references": [{"source": "759f5e80-c8e1-4224-bead-956d7b33c98b", "tags": ["Vendor Advisory"], "url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2026-00006_AS320T%20Multiple%20vulnerabilities%20(CVE-2026-1949,%201950,%201951,%201952).pdf"}], "sourceIdentifier": "759f5e80-c8e1-4224-bead-956d7b33c98b", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-912"}], "source": "759f5e80-c8e1-4224-bead-956d7b33c98b", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,1.14]"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "AS320T", "source": "cna", "vendor": "DeltaWW"}, "product": "as320t", "vendor": "deltaww"}], "analysis": {"en": {"generated_at": "2026-04-28T06:56:47.478210+00:00", "value": {"mitigation_remediation": ["Apply the vendor\u2011provided firmware upgrade to version\u202f1.16 or newer, which eliminates the vulnerable subfunction.", "If an upgrade cannot be performed immediately, restrict external access to the device via firewall rules or network segmentation to prevent attackers from sending the undocumented command sequence.", "Monitor device logs and traffic for repeated attempts to invoke the subfunction and investigate any service interruptions promptly."], "summary": {"action": "Immediate Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "All Delta Electronics AS320T devices are potentially impacted, regardless of their current firmware release, unless the device has already been upgraded to firmware version 1.16 or later. No specific prior firmware version boundary is listed, so users should presume that any out\u2011of\u2011date firmware is vulnerable.", "description_and_impact": "Delta Electronics AS320T firmware contains an undocumented subfunction that can be abused to cause a denial of service. The vulnerability allows an attacker to trigger the subfunction, forcing the device into a non\u2011responsive state and disrupting its intended operation. No information on the exact level of security impact beyond service interruption is provided, and the weakness is classified as CWE-912, indicating a flaw in the handling of a command or function call.", "risk_and_exploitability": "The CVSS score of 9.8 signals a critical severity, yet the EPSS score is below 1\u202f% and the vulnerability is not listed in the CISA KEV catalog, suggesting a low probability of active exploitation at present. The attack vector is not explicitly disclosed; it is inferred to require access to the device\u2019s command interface or the ability to send the undocumented subfunction to the device. Because the weakness is purely a denial\u2011of\u2011service issue, confidentiality and integrity are not directly compromised, but availability of the device is severely affected. The high severity score warrants prompt mitigation, even though exploitation likelihood appears low."}}}}, "created": "2026-04-27T22:00:15.574233+00:00", "updated": "2026-04-28T07:00:09.535238+00:00", "vendors": ["deltaww", "deltaww$PRODUCT$as320t"]}