CVE-2026-22321

MEDIUM

Stack-Based Buffer Overflow in CLI Login Username Handling over CLI

Title source: cna

Description

A stack-based buffer overflow in the device's Telnet/SSH CLI login routine occurs when a unauthenticated attacker send an oversized or unexpected username input. An overflow condition crashes the thread handling the login attempt, forcing the session to close. Because other CLI sessions remain unaffected, the impact is limited to a low‑severity availability disruption.

References (1)

https://certvde.com/de/advisories/VDE-2025-104

Scores

CVSS v3 5.3

EPSS 0.0002

EPSS Percentile 4.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-121

Status published

Products (50)

Phoenix Contact/FL NAT 2008 0.0.0 - 3.53

Phoenix Contact/FL NAT 2208 0.0.0 - 3.53

Phoenix Contact/FL NAT 2304-2GC-2SFP 0.0.0 - 3.53

Phoenix Contact/FL SWITCH 2005 0.0.0 - 3.53

Phoenix Contact/FL SWITCH 2008 0.0.0 - 3.53

Phoenix Contact/FL SWITCH 2008F 0.0.0 - 3.53

Phoenix Contact/FL SWITCH 2016 0.0.0 - 3.53

Phoenix Contact/FL SWITCH 2105 0.0.0 - 3.53

Phoenix Contact/FL SWITCH 2108 0.0.0 - 3.53

Phoenix Contact/FL SWITCH 2116 0.0.0 - 3.53

... and 40 more

Published Mar 18, 2026

Tracked Since Mar 18, 2026