A stack-based buffer overflow in the CLI's TFTP file‑transfer command handling allows a low-privileged attacker with Telnet/SSH access to trigger memory corruption by supplying unexpected or oversized filename input. Exploitation results in the corruption of the internal buffer, causing the CLI and web dashboard to become unavailable and leading to a denial of service.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00039.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Phoenixcontact
  • Fl Nat 2008
  • Fl Nat 2208
  • Fl Nat 2304-2gc-2sfp
  • Fl Switch 2005
  • Fl Switch 2008
  • Fl Switch 2008f
  • Fl Switch 2016
  • Fl Switch 2105
  • Fl Switch 2108
  • Fl Switch 2116
  • Fl Switch 2204-2tc-2sfx
  • Fl Switch 2205
  • Fl Switch 2206-2fx
  • Fl Switch 2206-2fx Sm
  • Fl Switch 2206-2fx Sm St
  • Fl Switch 2206-2fx St
  • Fl Switch 2206-2sfx
  • Fl Switch 2206-2sfx Pn
  • Fl Switch 2206c-2fx
  • Fl Switch 2207-fx
  • Fl Switch 2207-fx Sm
  • Fl Switch 2208
  • Fl Switch 2208 Pn
  • Fl Switch 2208c
  • Fl Switch 2212-2tc-2sfx
  • Fl Switch 2214-2fx
  • Fl Switch 2214-2fx Sm
  • Fl Switch 2214-2sfx
  • Fl Switch 2214-2sfx Pn
  • Fl Switch 2216
  • Fl Switch 2216 Pn
  • Fl Switch 2303-8sp1
  • Fl Switch 2304-2gc-2sfp
  • Fl Switch 2306-2sfp
  • Fl Switch 2306-2sfp Pn
  • Fl Switch 2308
  • Fl Switch 2308 Pn
  • Fl Switch 2312-2gc-2sfp
  • Fl Switch 2314-2sfp
  • Fl Switch 2314-2sfp Pn
  • Fl Switch 2316
  • Fl Switch 2316/k1
  • Fl Switch 2316 Pn
  • Fl Switch 2404-2tc-2sfx
  • Fl Switch 2406-2sfx
  • Fl Switch 2406-2sfx Pn
  • Fl Switch 2408
  • Fl Switch 2408 Pn
  • Fl Switch 2412-2tc-2sfx
  • Fl Switch 2414-2sfx
  • Fl Switch 2414-2sfx Pn
  • Fl Switch 2416
  • Fl Switch 2416 Pn
  • Fl Switch 2504-2gc-2sfp
  • Fl Switch 2506-2sfp
  • Fl Switch 2506-2sfp/k1
  • Fl Switch 2506-2sfp Pn
  • Fl Switch 2508
  • Fl Switch 2508/k1
  • Fl Switch 2508 Pn
  • Fl Switch 2512-2gc-2sfp
  • Fl Switch 2514-2sfp
  • Fl Switch 2514-2sfp Pn
  • Fl Switch 2516
  • Fl Switch 2516 Pn
  • Fl Switch 2608
  • Fl Switch 2608 Pn
  • Fl Switch 2708
  • Fl Switch 2708 Pn
  • Fl Switch 5916-8gc-4sfp+
  • Fl Switch 5916sfp-8gc-4sfp+
  • Fl Switch 5924-4gc
  • Fl Switch 5924-4sfp+
  • Fl Switch 5924sfp-4gc
  • Fl Switch Tsn 2312-2gc-2sfp
  • Fl Switch Tsn 2314-2sfp
  • Fl Switch Tsn 2316

No data.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors Products
Phoenixcontact
  • Fl Nat 2008
  • Fl Nat 2208
  • Fl Nat 2304-2gc-2sfp
  • Fl Switch 2005
  • Fl Switch 2008
  • Fl Switch 2008f
  • Fl Switch 2016
  • Fl Switch 2105
  • Fl Switch 2108
  • Fl Switch 2116
  • Fl Switch 2204-2tc-2sfx
  • Fl Switch 2205
  • Fl Switch 2206-2fx
  • Fl Switch 2206-2fx Sm
  • Fl Switch 2206-2fx Sm St
  • Fl Switch 2206-2fx St
  • Fl Switch 2206-2sfx
  • Fl Switch 2206-2sfx Pn
  • Fl Switch 2206c-2fx
  • Fl Switch 2207-fx
  • Fl Switch 2207-fx Sm
  • Fl Switch 2208
  • Fl Switch 2208 Pn
  • Fl Switch 2208c
  • Fl Switch 2212-2tc-2sfx
  • Fl Switch 2214-2fx
  • Fl Switch 2214-2fx Sm
  • Fl Switch 2214-2sfx
  • Fl Switch 2214-2sfx Pn
  • Fl Switch 2216
  • Fl Switch 2216 Pn
  • Fl Switch 2303-8sp1
  • Fl Switch 2304-2gc-2sfp
  • Fl Switch 2306-2sfp
  • Fl Switch 2306-2sfp Pn
  • Fl Switch 2308
  • Fl Switch 2308 Pn
  • Fl Switch 2312-2gc-2sfp
  • Fl Switch 2314-2sfp
  • Fl Switch 2314-2sfp Pn
  • Fl Switch 2316
  • Fl Switch 2316/k1
  • Fl Switch 2316 Pn
  • Fl Switch 2404-2tc-2sfx
  • Fl Switch 2406-2sfx
  • Fl Switch 2406-2sfx Pn
  • Fl Switch 2408
  • Fl Switch 2408 Pn
  • Fl Switch 2412-2tc-2sfx
  • Fl Switch 2414-2sfx
  • Fl Switch 2414-2sfx Pn
  • Fl Switch 2416
  • Fl Switch 2416 Pn
  • Fl Switch 2504-2gc-2sfp
  • Fl Switch 2506-2sfp
  • Fl Switch 2506-2sfp/k1
  • Fl Switch 2506-2sfp Pn
  • Fl Switch 2508
  • Fl Switch 2508/k1
  • Fl Switch 2508 Pn
  • Fl Switch 2512-2gc-2sfp
  • Fl Switch 2514-2sfp
  • Fl Switch 2514-2sfp Pn
  • Fl Switch 2516
  • Fl Switch 2516 Pn
  • Fl Switch 2608
  • Fl Switch 2608 Pn
  • Fl Switch 2708
  • Fl Switch 2708 Pn
  • Fl Switch 5916-8gc-4sfp+
  • Fl Switch 5916sfp-8gc-4sfp+
  • Fl Switch 5924-4gc
  • Fl Switch 5924-4sfp+
  • Fl Switch 5924sfp-4gc
  • Fl Switch Tsn 2312-2gc-2sfp
  • Fl Switch Tsn 2314-2sfp
  • Fl Switch Tsn 2316
References
Link Providers
https://certvde.com/de/advisories/VDE-2025-104 cve-icon cve-icon
History

Wed, 18 Mar 2026 12:15:00 +0000

Type Values Removed Values Added
First Time appeared Phoenixcontact
Phoenixcontact fl Nat 2008
Phoenixcontact fl Nat 2208
Phoenixcontact fl Nat 2304-2gc-2sfp
Phoenixcontact fl Switch 2005
Phoenixcontact fl Switch 2008
Phoenixcontact fl Switch 2008f
Phoenixcontact fl Switch 2016
Phoenixcontact fl Switch 2105
Phoenixcontact fl Switch 2108
Phoenixcontact fl Switch 2116
Phoenixcontact fl Switch 2204-2tc-2sfx
Phoenixcontact fl Switch 2205
Phoenixcontact fl Switch 2206-2fx
Phoenixcontact fl Switch 2206-2fx Sm
Phoenixcontact fl Switch 2206-2fx Sm St
Phoenixcontact fl Switch 2206-2fx St
Phoenixcontact fl Switch 2206-2sfx
Phoenixcontact fl Switch 2206-2sfx Pn
Phoenixcontact fl Switch 2206c-2fx
Phoenixcontact fl Switch 2207-fx
Phoenixcontact fl Switch 2207-fx Sm
Phoenixcontact fl Switch 2208
Phoenixcontact fl Switch 2208 Pn
Phoenixcontact fl Switch 2208c
Phoenixcontact fl Switch 2212-2tc-2sfx
Phoenixcontact fl Switch 2214-2fx
Phoenixcontact fl Switch 2214-2fx Sm
Phoenixcontact fl Switch 2214-2sfx
Phoenixcontact fl Switch 2214-2sfx Pn
Phoenixcontact fl Switch 2216
Phoenixcontact fl Switch 2216 Pn
Phoenixcontact fl Switch 2303-8sp1
Phoenixcontact fl Switch 2304-2gc-2sfp
Phoenixcontact fl Switch 2306-2sfp
Phoenixcontact fl Switch 2306-2sfp Pn
Phoenixcontact fl Switch 2308
Phoenixcontact fl Switch 2308 Pn
Phoenixcontact fl Switch 2312-2gc-2sfp
Phoenixcontact fl Switch 2314-2sfp
Phoenixcontact fl Switch 2314-2sfp Pn
Phoenixcontact fl Switch 2316
Phoenixcontact fl Switch 2316/k1
Phoenixcontact fl Switch 2316 Pn
Phoenixcontact fl Switch 2404-2tc-2sfx
Phoenixcontact fl Switch 2406-2sfx
Phoenixcontact fl Switch 2406-2sfx Pn
Phoenixcontact fl Switch 2408
Phoenixcontact fl Switch 2408 Pn
Phoenixcontact fl Switch 2412-2tc-2sfx
Phoenixcontact fl Switch 2414-2sfx
Phoenixcontact fl Switch 2414-2sfx Pn
Phoenixcontact fl Switch 2416
Phoenixcontact fl Switch 2416 Pn
Phoenixcontact fl Switch 2504-2gc-2sfp
Phoenixcontact fl Switch 2506-2sfp
Phoenixcontact fl Switch 2506-2sfp/k1
Phoenixcontact fl Switch 2506-2sfp Pn
Phoenixcontact fl Switch 2508
Phoenixcontact fl Switch 2508/k1
Phoenixcontact fl Switch 2508 Pn
Phoenixcontact fl Switch 2512-2gc-2sfp
Phoenixcontact fl Switch 2514-2sfp
Phoenixcontact fl Switch 2514-2sfp Pn
Phoenixcontact fl Switch 2516
Phoenixcontact fl Switch 2516 Pn
Phoenixcontact fl Switch 2608
Phoenixcontact fl Switch 2608 Pn
Phoenixcontact fl Switch 2708
Phoenixcontact fl Switch 2708 Pn
Phoenixcontact fl Switch 5916-8gc-4sfp+
Phoenixcontact fl Switch 5916sfp-8gc-4sfp+
Phoenixcontact fl Switch 5924-4gc
Phoenixcontact fl Switch 5924-4sfp+
Phoenixcontact fl Switch 5924sfp-4gc
Phoenixcontact fl Switch Tsn 2312-2gc-2sfp
Phoenixcontact fl Switch Tsn 2314-2sfp
Phoenixcontact fl Switch Tsn 2316
Vendors & Products Phoenixcontact
Phoenixcontact fl Nat 2008
Phoenixcontact fl Nat 2208
Phoenixcontact fl Nat 2304-2gc-2sfp
Phoenixcontact fl Switch 2005
Phoenixcontact fl Switch 2008
Phoenixcontact fl Switch 2008f
Phoenixcontact fl Switch 2016
Phoenixcontact fl Switch 2105
Phoenixcontact fl Switch 2108
Phoenixcontact fl Switch 2116
Phoenixcontact fl Switch 2204-2tc-2sfx
Phoenixcontact fl Switch 2205
Phoenixcontact fl Switch 2206-2fx
Phoenixcontact fl Switch 2206-2fx Sm
Phoenixcontact fl Switch 2206-2fx Sm St
Phoenixcontact fl Switch 2206-2fx St
Phoenixcontact fl Switch 2206-2sfx
Phoenixcontact fl Switch 2206-2sfx Pn
Phoenixcontact fl Switch 2206c-2fx
Phoenixcontact fl Switch 2207-fx
Phoenixcontact fl Switch 2207-fx Sm
Phoenixcontact fl Switch 2208
Phoenixcontact fl Switch 2208 Pn
Phoenixcontact fl Switch 2208c
Phoenixcontact fl Switch 2212-2tc-2sfx
Phoenixcontact fl Switch 2214-2fx
Phoenixcontact fl Switch 2214-2fx Sm
Phoenixcontact fl Switch 2214-2sfx
Phoenixcontact fl Switch 2214-2sfx Pn
Phoenixcontact fl Switch 2216
Phoenixcontact fl Switch 2216 Pn
Phoenixcontact fl Switch 2303-8sp1
Phoenixcontact fl Switch 2304-2gc-2sfp
Phoenixcontact fl Switch 2306-2sfp
Phoenixcontact fl Switch 2306-2sfp Pn
Phoenixcontact fl Switch 2308
Phoenixcontact fl Switch 2308 Pn
Phoenixcontact fl Switch 2312-2gc-2sfp
Phoenixcontact fl Switch 2314-2sfp
Phoenixcontact fl Switch 2314-2sfp Pn
Phoenixcontact fl Switch 2316
Phoenixcontact fl Switch 2316/k1
Phoenixcontact fl Switch 2316 Pn
Phoenixcontact fl Switch 2404-2tc-2sfx
Phoenixcontact fl Switch 2406-2sfx
Phoenixcontact fl Switch 2406-2sfx Pn
Phoenixcontact fl Switch 2408
Phoenixcontact fl Switch 2408 Pn
Phoenixcontact fl Switch 2412-2tc-2sfx
Phoenixcontact fl Switch 2414-2sfx
Phoenixcontact fl Switch 2414-2sfx Pn
Phoenixcontact fl Switch 2416
Phoenixcontact fl Switch 2416 Pn
Phoenixcontact fl Switch 2504-2gc-2sfp
Phoenixcontact fl Switch 2506-2sfp
Phoenixcontact fl Switch 2506-2sfp/k1
Phoenixcontact fl Switch 2506-2sfp Pn
Phoenixcontact fl Switch 2508
Phoenixcontact fl Switch 2508/k1
Phoenixcontact fl Switch 2508 Pn
Phoenixcontact fl Switch 2512-2gc-2sfp
Phoenixcontact fl Switch 2514-2sfp
Phoenixcontact fl Switch 2514-2sfp Pn
Phoenixcontact fl Switch 2516
Phoenixcontact fl Switch 2516 Pn
Phoenixcontact fl Switch 2608
Phoenixcontact fl Switch 2608 Pn
Phoenixcontact fl Switch 2708
Phoenixcontact fl Switch 2708 Pn
Phoenixcontact fl Switch 5916-8gc-4sfp+
Phoenixcontact fl Switch 5916sfp-8gc-4sfp+
Phoenixcontact fl Switch 5924-4gc
Phoenixcontact fl Switch 5924-4sfp+
Phoenixcontact fl Switch 5924sfp-4gc
Phoenixcontact fl Switch Tsn 2312-2gc-2sfp
Phoenixcontact fl Switch Tsn 2314-2sfp
Phoenixcontact fl Switch Tsn 2316

Wed, 18 Mar 2026 07:45:00 +0000

Type Values Removed Values Added
Description A stack-based buffer overflow in the CLI's TFTP file‑transfer command handling allows a low-privileged attacker with Telnet/SSH access to trigger memory corruption by supplying unexpected or oversized filename input. Exploitation results in the corruption of the internal buffer, causing the CLI and web dashboard to become unavailable and leading to a denial of service.
Title Stack-Based Buffer Overflow in TFTP File-Transfer Command Handling over CLI
Weaknesses CWE-121
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}
cve-icon MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published:

Updated: 2026-03-18T07:34:23.026Z

Reserved: 2026-01-07T11:49:15.178Z

Link: CVE-2026-22320

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-03-18T08:16:29.017

Modified: 2026-03-18T08:16:29.017

Link: CVE-2026-22320

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-18T10:41:42Z