CVE-2026-22316

MEDIUM

Buffer Overflow using TFTP Filename

Title source: cna

Description

A remote attacker with user privileges for the webUI can use the setting of the TFTP Filename with a POST Request to trigger a stack-based Buffer Overflow, resulting in a DoS attack.

References (1)

Core 1

Core References

https://certvde.com/de/advisories/VDE-2025-104

Scores

CVSS v3 6.5

EPSS 0.0004

EPSS Percentile 13.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-121

Status published

Products (50)

Phoenix Contact/FL NAT 2008 0.0.0 - 3.53

Phoenix Contact/FL NAT 2208 0.0.0 - 3.53

Phoenix Contact/FL NAT 2304-2GC-2SFP 0.0.0 - 3.53

Phoenix Contact/FL SWITCH 2005 0.0.0 - 3.53

Phoenix Contact/FL SWITCH 2008 0.0.0 - 3.53

Phoenix Contact/FL SWITCH 2008F 0.0.0 - 3.53

Phoenix Contact/FL SWITCH 2016 0.0.0 - 3.53

Phoenix Contact/FL SWITCH 2105 0.0.0 - 3.53

Phoenix Contact/FL SWITCH 2108 0.0.0 - 3.53

Phoenix Contact/FL SWITCH 2116 0.0.0 - 3.53

... and 40 more

Published Mar 18, 2026

Tracked Since Mar 18, 2026