cbcvebase.
CVE-2026-22316
published 2026-03-18

CVE-2026-22316: A remote attacker with user privileges for the webUI can use the setting of the TFTP Filename with a POST Request to trigger a stack-based Buffer Overflow…

medium6.5CVSS 3.1
AVNACLPRLUINSUCNINAH
A remote attacker with user privileges for the webUI can use the setting of the TFTP Filename with a POST Request to trigger a stack-based Buffer Overflow, resulting in a DoS attack.

Affected

77 ranges· showing 25
VendorProductVersion rangeFixed in
phoenix_contactfl_nat_2008>= 0.0.0 < 3.533.53
phoenix_contactfl_nat_2208>= 0.0.0 < 3.533.53
phoenix_contactfl_nat_2304-2gc-2sfp>= 0.0.0 < 3.533.53
phoenix_contactfl_switch_2005>= 0.0.0 < 3.533.53
phoenix_contactfl_switch_2008>= 0.0.0 < 3.533.53
phoenix_contactfl_switch_2008f>= 0.0.0 < 3.533.53
phoenix_contactfl_switch_2016>= 0.0.0 < 3.533.53
phoenix_contactfl_switch_2105>= 0.0.0 < 3.533.53
phoenix_contactfl_switch_2108>= 0.0.0 < 3.533.53
phoenix_contactfl_switch_2116>= 0.0.0 < 3.533.53
phoenix_contactfl_switch_2204-2tc-2sfx>= 0.0.0 < 3.533.53
phoenix_contactfl_switch_2205>= 0.0.0 < 3.533.53
phoenix_contactfl_switch_2206-2fx>= 0.0.0 < 3.533.53
phoenix_contactfl_switch_2206-2fx_sm>= 0.0.0 < 3.533.53
phoenix_contactfl_switch_2206-2fx_sm_st>= 0.0.0 < 3.533.53
phoenix_contactfl_switch_2206-2fx_st>= 0.0.0 < 3.533.53
phoenix_contactfl_switch_2206-2sfx>= 0.0.0 < 3.533.53
phoenix_contactfl_switch_2206-2sfx_pn>= 0.0.0 < 3.533.53
phoenix_contactfl_switch_2206c-2fx>= 0.0.0 < 3.533.53
phoenix_contactfl_switch_2207-fx>= 0.0.0 < 3.533.53
phoenix_contactfl_switch_2207-fx_sm>= 0.0.0 < 3.533.53
phoenix_contactfl_switch_2208>= 0.0.0 < 3.533.53
phoenix_contactfl_switch_2208_pn>= 0.0.0 < 3.533.53
phoenix_contactfl_switch_2208c>= 0.0.0 < 3.533.53
phoenix_contactfl_switch_2212-2tc-2sfx>= 0.0.0 < 3.533.53