CVE-2026-22316 - Vulnerability Details - OpenCVE

A remote attacker with user privileges for the webUI can use the setting of the TFTP Filename with a POST Request to trigger a stack-based Buffer Overflow, resulting in a DoS attack.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00088.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

References

Link	Providers
https://certvde.com/de/advisories/VDE-2025-104

History

Wed, 18 Mar 2026 07:45:00 +0000

Type	Values Removed	Values Added
Description		A remote attacker with user privileges for the webUI can use the setting of the TFTP Filename with a POST Request to trigger a stack-based Buffer Overflow, resulting in a DoS attack.
Title		Buffer Overflow using TFTP Filename
Weaknesses		CWE-121
References		https://certvde.com/de/advisories/VDE-2025-104
Metrics		cvssV3_1 `{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`

MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published: 2026-03-18T07:33:31.584Z

Updated: 2026-03-18T07:33:31.584Z

Reserved: 2026-01-07T11:49:15.177Z

Link: CVE-2026-22316

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-03-18T08:16:27.070

Modified: 2026-03-18T08:16:27.070

Link: CVE-2026-22316

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22316", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "state": "PUBLISHED", "assignerShortName": "CERTVDE", "dateReserved": "2026-01-07T11:49:15.177Z", "datePublished": "2026-03-18T07:33:31.584Z", "dateUpdated": "2026-03-18T07:33:31.584Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "FL SWITCH 2005", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2008", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2016", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2105", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2108", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2116", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2204-2TC-2SFX", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2205", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2206-2FX", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2206-2FX SM", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2206-2FX SM ST", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2206-2FX ST", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2206-2SFX", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2206-2SFX PN", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2206C-2FX", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2207-FX", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2207-FX SM", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2208", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2208 PN", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2208C", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2212-2TC-2SFX", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2214-2FX", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2214-2FX SM", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2214-2SFX", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2214-2SFX PN", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2216", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2216 PN", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2304-2GC-2SFP", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2306-2SFP", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2306-2SFP PN", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2308", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2308 PN", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2312-2GC-2SFP", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2314-2SFP", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2314-2SFP PN", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2316", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2316 PN", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2404-2TC-2SFX", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2406-2SFX", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2406-2SFX PN", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2408", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2408 PN", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2412-2TC-2SFX", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2414-2SFX", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2414-2SFX PN", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2416", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2416 PN", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2504-2GC-2SFP", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2506-2SFP", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2506-2SFP PN", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2508", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2508 PN", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2512-2GC-2SFP", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2514-2SFP", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2514-2SFP PN", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2516", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2516 PN", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2608", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2608 PN", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2708", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2708 PN", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2303-8SP1", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL NAT 2008", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL NAT 2208", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL NAT 2304-2GC-2SFP", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2008F", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2316/K1", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2506-2SFP/K1", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2508/K1", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH TSN 2316", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH TSN 2312-2GC-2SFP", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH TSN 2314-2SFP", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 5924-4GC", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 5916-8GC-4SFP+", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 5924SFP-4GC", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 5924-4SFP+", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 5916SFP-8GC-4SFP+", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Gabriele Quagliarella from Nozomi Networks"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A remote attacker with user privileges for the webUI can use the setting of the TFTP Filename with a POST Request to trigger a stack-based Buffer Overflow, resulting in a DoS attack.<br>"}], "value": "A remote attacker with user privileges for the webUI can use the setting of the TFTP Filename with a POST Request to trigger a stack-based Buffer Overflow, resulting in a DoS attack."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2026-03-18T07:33:31.584Z"}, "references": [{"url": "https://certvde.com/de/advisories/VDE-2025-104"}], "source": {"advisory": "VDE-2025-104", "defect": ["CERT@VDE#641898"], "discovery": "UNKNOWN"}, "title": "Buffer Overflow using TFTP Filename", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}