CVE-2026-22323 - Vulnerability Details - OpenCVE

A CSRF vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to trick authenticated users into sending unauthorized POST requests to the device by luring them to a malicious webpage. This can silently alter the device’s configuration without the victim’s knowledge or consent. Availability impact was set to low because after a successful attack the device will automatically recover without external intervention.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00037.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

References

Link	Providers
https://certvde.com/de/advisories/VDE-2025-104

History

Wed, 18 Mar 2026 07:45:00 +0000

Type	Values Removed	Values Added
Description		A CSRF vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to trick authenticated users into sending unauthorized POST requests to the device by luring them to a malicious webpage. This can silently alter the device’s configuration without the victim’s knowledge or consent. Availability impact was set to low because after a successful attack the device will automatically recover without external intervention.
Title		Cross‑Site Request Forgery in Link Aggregation Configuration
Weaknesses		CWE-352
References		https://certvde.com/de/advisories/VDE-2025-104
Metrics		cvssV3_1 `{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L'}`

MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published: 2026-03-18T07:35:09.084Z

Updated: 2026-03-18T07:35:09.084Z

Reserved: 2026-01-07T11:49:15.178Z

Link: CVE-2026-22323

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-03-18T08:16:30.513

Modified: 2026-03-18T08:16:30.513

Link: CVE-2026-22323

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22323", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "state": "PUBLISHED", "assignerShortName": "CERTVDE", "dateReserved": "2026-01-07T11:49:15.178Z", "datePublished": "2026-03-18T07:35:09.084Z", "dateUpdated": "2026-03-18T07:35:09.084Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "FL SWITCH 2005", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2008", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2016", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2105", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2108", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2116", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2204-2TC-2SFX", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2205", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2206-2FX", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2206-2FX SM", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2206-2FX SM ST", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2206-2FX ST", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2206-2SFX", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2206-2SFX PN", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2206C-2FX", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2207-FX", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2207-FX SM", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2208", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2208 PN", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2208C", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2212-2TC-2SFX", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2214-2FX", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2214-2FX SM", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2214-2SFX", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2214-2SFX PN", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2216", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2216 PN", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2304-2GC-2SFP", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2306-2SFP", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2306-2SFP PN", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2308", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2308 PN", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2312-2GC-2SFP", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2314-2SFP", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2314-2SFP PN", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2316", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2316 PN", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2404-2TC-2SFX", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2406-2SFX", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2406-2SFX PN", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2408", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2408 PN", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2412-2TC-2SFX", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2414-2SFX", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2414-2SFX PN", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2416", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2416 PN", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2504-2GC-2SFP", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2506-2SFP", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2506-2SFP PN", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2508", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2508 PN", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2512-2GC-2SFP", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2514-2SFP", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2514-2SFP PN", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2516", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2516 PN", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2608", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2608 PN", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2708", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2708 PN", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2303-8SP1", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL NAT 2008", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL NAT 2208", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL NAT 2304-2GC-2SFP", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2008F", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2316/K1", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2506-2SFP/K1", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 2508/K1", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH TSN 2316", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH TSN 2312-2GC-2SFP", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH TSN 2314-2SFP", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 5924-4GC", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 5916-8GC-4SFP+", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 5924SFP-4GC", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 5924-4SFP+", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "FL SWITCH 5916SFP-8GC-4SFP+", "vendor": "Phoenix Contact", "versions": [{"lessThan": "3.53", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Gabriele Quagliarella from Nozomi Networks"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A CSRF vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to trick authenticated users into sending unauthorized POST requests to the device by luring them to a malicious webpage. This can silently alter the device\u2019s configuration without the victim\u2019s knowledge or consent. Availability impact was set to low because after a successful attack the device will automatically recover without external intervention.<br>"}], "value": "A CSRF vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to trick authenticated users into sending unauthorized POST requests to the device by luring them to a malicious webpage. This can silently alter the device\u2019s configuration without the victim\u2019s knowledge or consent. Availability impact was set to low because after a successful attack the device will automatically recover without external intervention."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2026-03-18T07:35:09.084Z"}, "references": [{"url": "https://certvde.com/de/advisories/VDE-2025-104"}], "source": {"advisory": "VDE-2025-104", "defect": ["CERT@VDE#641898"], "discovery": "UNKNOWN"}, "title": "Cross\u2011Site Request Forgery in Link Aggregation Configuration", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}