Phoenix Contact FL SWITCH 5916SFP-8GC-4SFP+ vulnerabilities
8 known vulnerabilities affecting phoenix_contact/fl_switch_5916sfp-8gc-4sfp+.
Total CVEs: 8
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
HIGH: 3, MEDIUM: 5
Vulnerabilities
CVE-2026-22323 | HIGH | CVSS 7.1 | CWE-352 | ≥ 0.0.0, < 3.53 | 2026-03-18
A CSRF vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to trick authenticated users into sending unauthorized POST requests to the device by luring them to a malicious webpage. This can silently alter the device’s configuration without the victim’s knowledge or consent. Availability impact was se
Sources: cvelistv5, nvd
CVE-2026-22317 | HIGH | CVSS 7.2 | CWE-77 | ≥ 0.0.0, < 3.53 | 2026-03-18
A command injection vulnerability in the device’s Root CA certificate transfer workflow allows a high-privileged attacker to send crafted HTTP POST requests that result in arbitrary command execution on the underlying Linux OS with root privileges.
Sources: cvelistv5, nvd
CVE-2026-22322 | HIGH | CVSS 7.1 | CWE-79 | ≥ 0.0.0, < 3.53 | 2026-03-18
A stored cross‑site scripting (XSS) vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to create a trunk entry containing malicious HTML/JavaScript code. When the affected page is viewed, the injected script executes in the context of the victim’s browser, enabling unauthorized actions such as interf
Sources: cvelistv5, nvd
CVE-2026-22320 | MEDIUM | CVSS 6.5 | CWE-121 | ≥ 0.0.0, < 3.53 | 2026-03-18
A stack-based buffer overflow in the CLI's TFTP file‑transfer command handling allows a low-privileged attacker with Telnet/SSH access to trigger memory corruption by supplying unexpected or oversized filename input. Exploitation results in the corruption of the internal buffer, causing the CLI and web dashboard to become unavailable and leading to
Sources: cvelistv5, nvd
CVE-2026-22321 | MEDIUM | CVSS 5.3 | CWE-121 | ≥ 0.0.0, < 3.53 | 2026-03-18
A stack-based buffer overflow in the device's Telnet/SSH CLI login routine occurs when an unauthenticated attacker sends an oversized or unexpected username input. An overflow condition crashes the thread handling the login attempt, forcing the session to close. Because other CLI sessions remain unaffected, the impact is limited to a low‑severity avai
Sources: cvelistv5, nvd
CVE-2026-22319 | MEDIUM | CVSS 4.9 | CWE-121 | ≥ 0.0.0, < 3.53 | 2026-03-18
A stack-based buffer overflow in the device's file installation workflow allows a high-privileged attacker to send oversized POST parameters that overflow a fixed-size stack buffer within an internal process, resulting in a DoS attack.
Sources: cvelistv5, nvd
CVE-2026-22316 | MEDIUM | CVSS 6.5 | CWE-121 | ≥ 0.0.0, < 3.53 | 2026-03-18
A remote attacker with user privileges for the webUI can use the setting of the TFTP Filename with a POST Request to trigger a stack-based Buffer Overflow, resulting in a DoS attack.
Sources: cvelistv5, nvd
CVE-2026-22318 | MEDIUM | CVSS 4.9 | CWE-121 | ≥ 0.0.0, < 3.53 | 2026-03-18
A stack-based buffer overflow vulnerability in the device's file transfer parameter workflow allows a high-privileged attacker to send oversized POST parameters, causing memory corruption in an internal process, resulting in a DoS attack.
Sources: cvelistv5, nvd