Delta Electronics AS320T has no checking of the length of the buffer with the directory name vulnerability.
The vulnerability consists of the lack of input data length validation passed as a directory name to a function that copies data to a stack buffer. An attacker can provide a deliberately crafted, excessively long directory name, causing a stack-based buffer overflow. Stack overflow can enable overwriting the return address or other critical control structures of the program, leading to code execution control takeover.
An unauthenticated remote attacker can gain full control over the device — including executing arbitrary code (RCE), compromising data confidentiality and integrity, and causing system unavailability.
Patches available from the manufacturer should be applied according to the references — Delta Electronics security bulletin Delta-PCSA-2026-00006 available in the manufacturer's file center
Delta Electronics AS320T — specific firmware versions indicated in the manufacturer's references (bulletin Delta-PCSA-2026-00006)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HDeltaww As320t
HWDeltawwwszystkie wersjeDeltaww As320t Firmware
OSDeltaww< 1.12
Related vulnerabilities
Delta Electronics AS320T — błędna kalkulacja rozmiaru bufora w handlerze GET/PUT
Delta Electronics AS320T — przepełnienie bufora stosu przez nazwę pliku
Delta Electronics AS320T — DoS przez nieudokumentowaną subfunkcję
Stack-based Buffer Overflow w Delta Electronics COMMGR2
Delta Electronics DIAView — krytyczne podatności (CVE-2025-62581)