CVE-2026-22320

{"id": "CVE-2026-22320", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "info@cert.vde.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2026-03-18T08:16:29.017", "references": [{"url": "https://certvde.com/de/advisories/VDE-2025-104", "source": "info@cert.vde.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "info@cert.vde.com", "description": [{"lang": "en", "value": "CWE-121"}]}], "descriptions": [{"lang": "en", "value": "A stack-based buffer overflow in the CLI's TFTP file\u2011transfer command handling allows a low-privileged attacker with Telnet/SSH access to trigger memory corruption by supplying unexpected or oversized filename input. Exploitation results in the corruption of the internal buffer, causing the CLI and web dashboard to become unavailable and leading to a denial of service."}, {"lang": "es", "value": "Un desbordamiento de b\u00fafer basado en pila en el manejo del comando de transferencia de archivos TFTP de la CLI permite a un atacante con privilegios bajos con acceso Telnet/SSH activar la corrupci\u00f3n de memoria al proporcionar una entrada de nombre de archivo inesperada o sobredimensionada. La explotaci\u00f3n resulta en la corrupci\u00f3n del b\u00fafer interno, haciendo que la CLI y el panel web dejen de estar disponibles y provocando una denegaci\u00f3n de servicio."}], "lastModified": "2026-03-18T14:52:44.227", "sourceIdentifier": "info@cert.vde.com"}