Delta Electronics AS320T Flaws Expose Devices to Remote Buffer Overflow Attacks
Delta Electronics AS320T devices were disclosed with multiple high-severity memory-handling vulnerabilities in the product's web service, including CVE-2026-1949 and CVE-2026-1951. The flaws affect request processing in the device's GET/PUT handler and directory-name buffer handling, where incorrect stack buffer size calculation and missing length checks can lead to buffer overflow conditions. Both issues are rated with CVSS v3.1 vectors indicating network-exploitable attacks requiring no privileges or user interaction and carrying high impact to confidentiality, integrity, and availability.
Vendor documentation from Delta Electronics links the disclosures to additional related issues, including CVE-2026-1950 and CVE-2026-1952, suggesting a broader set of web-service weaknesses in the AS320T platform. Separately, CVE-2026-6356 was published for an unrelated web application flaw that allows a standard user to escalate privileges to super administrator through parameter manipulation, enabling unauthorized access to and modification of sensitive information.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
4 events from the most recent confirmed update back to the earliest known activity.
CVE-2026-1952 recorded for Delta Electronics AS320T
A new CVE entry, CVE-2026-1952, was recorded for the Delta Electronics AS320T describing a denial-of-service issue involving an undocumented subfunction. The record mapped the flaw to CWE-912, assigned a critical CVSS v3.1 vector for network-reachable exploitation without privileges or user interaction, and referenced Delta advisory Delta-PCSA-2026-00006.
CVE-2026-1951 recorded for Delta Electronics AS320T
A new CVE entry, CVE-2026-1951, was recorded for the Delta Electronics AS320T describing a failure to check the length of a buffer associated with the directory name, resulting in a classic buffer overflow condition. The vulnerability was mapped to CWE-121 and assigned a critical CVSS v3.1 vector for remote exploitation without privileges or user interaction.
CVE-2026-1949 recorded for Delta Electronics AS320T
A new CVE entry, CVE-2026-1949, was recorded for the Delta Electronics AS320T describing an incorrect calculation of stack buffer size in the GET/PUT request handler of the device web service. The issue was mapped to CWE-131 and scored with a critical CVSS v3.1 vector indicating remote exploitation with high impact.
CVE-2026-6356 record updated with technical details
The CVE-2026-6356 record was updated to add a description of a web application flaw that lets a standard user escalate privileges to super administrator via parameter manipulation. The update also added a GitHub reference, CWE-1220, and a CVSS v3.1 vector indicating high confidentiality and integrity impact.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
4 references tracked. Mallory keeps watching after this page renders.
CVE-2026-1949 - Incorrect calculation of buffer size on the stack in AS320T
cvefeed.io
Open sourceCVE-2026-1951 - No checking of the length of the buffer with the directory name in AS320T
cvefeed.io
Open sourceCVE-2026-1952 - Denial of service via the undocumented subfunction in AS320T
cvefeed.io
Open sourceCVE-2026-6356 - CVE-2026-6356
cvefeed.io
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Delta Electronics CNCSoft-G2 DPAX File Parsing Out-of-Bounds Write RCE
**Delta Electronics CNCSoft-G2** contains an out-of-bounds write vulnerability in the *DOPSoft* component’s **DPAX file parsing** that can lead to **remote code execution** in the context of the current process. The issue is tracked as **CVE-2026-3094** (ZDI-CAN-28415 / **ZDI-26-151**) and is rated **CVSS 7.8 (High)** with the vector `CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H`; exploitation requires **user interaction** (e.g., opening a malicious file or visiting a malicious page that triggers processing of attacker-controlled content). Affected versions are **CNCSoft-G2 prior to V2.1.0.39** (CWE-787), and Delta Electronics has issued an update to remediate the flaw. CISA’s ICS advisory highlights the potential impact to **critical manufacturing** environments and recommends standard OT hardening measures, including minimizing network exposure of control system assets, placing devices behind firewalls and isolating OT from business networks, and using more secure remote access methods (e.g., VPNs) when remote connectivity is required. Separately, CISA also added **Hikvision CVE-2017-7921** and **Rockwell Automation CVE-2021-22681** (both **CVSS 9.8**) to the **Known Exploited Vulnerabilities (KEV)** catalog due to evidence of active exploitation; this KEV action is unrelated to the Delta Electronics CNCSoft-G2 disclosure and represents a different set of exploited product vulnerabilities requiring separate remediation prioritization.
Mar 21, 2026
CISA ICS Advisories for Delta Electronics ASDA-Soft and Honeywell CCTV Vulnerabilities
CISA published ICS advisories detailing vulnerabilities in **Delta Electronics ASDA-Soft** and **Honeywell CCTV products**. Delta Electronics *ASDA-Soft* (versions `<= 7.2.0.0`) contains a **stack-based buffer overflow** (CWE-121) triggered when parsing `.par` files due to improper validation of a user-controlled size parameter, which can enable out-of-bounds writes and corruption of the structured exception handler (**CVE-2026-1361**, CVSS v3.1 **7.8 High**, `CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H`). Honeywell CCTV devices are affected by **missing authentication for a critical function** (CWE-306) where an unauthenticated API endpoint can allow an attacker to change the “forgot password” recovery email address, enabling **account takeover** and unauthorized access to camera feeds (**CVE-2026-1670**, CVSS v3.1 **9.8 Critical**, `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`). A separate report described a different CISA ICS advisory for **Airleader Master** involving an **unrestricted file upload** that could allow unauthenticated **remote code execution** (**CVE-2026-1358**, CVSS **9.8**), affecting versions up to `6.381`; it noted no known public exploits at the time and recommended exposure reduction measures such as restricting internet access and segmenting ICS networks. This Airleader issue is not part of the same disclosure as the Delta Electronics and Honeywell advisories, which cover distinct products and CVEs released under different advisory identifiers.
Mar 21, 2026
Critical RCE and Default Password Flaws Disclosed in Silex SD-330AC and AMC Manager
Silex Technology's **SD-330AC** and **AMC Manager** were disclosed with two serious vulnerabilities that expose devices to remote compromise and unauthorized reconfiguration. The most severe issue, `CVE-2026-32956`, is a **heap-based buffer overflow** in redirect URL processing that can enable **arbitrary code execution** over the network without authentication or user interaction. The flaw is tracked as `CWE-122` and carries a critical `CVSS v3.1` vector of `AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`, indicating full compromise of confidentiality, integrity, and availability is possible. A second flaw, `CVE-2026-32965`, affects devices left in their **factory-default state** and allows them to be configured with a **null string password**, creating an insecure initialization condition. Classified as `CWE-1188`, the vulnerability is network-accessible and primarily threatens device integrity, with a `CVSS v3.1` vector of `AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N`. The issues were reported through **JPCERT/CC** and published via **JVN** and Silex security advisories in Japanese and English, putting administrators on notice to review exposed deployments and initialization practices.
Apr 22, 2026