CVE-2026-22316
Received Received - Intake
Stack-Based Buffer Overflow in WebUI TFTP Filename Causes DoS

Publication date: 2026-03-18

Last updated on: 2026-03-18

Assigner: CERT VDE

Description
A remote attacker with user privileges for the webUI can use the setting of the TFTP Filename with a POST Request to trigger a stack-based Buffer Overflow, resulting in a DoS attack.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-18
Last Modified
2026-03-18
Generated
2026-06-16
AI Q&A
2026-03-18
EPSS Evaluated
2026-06-15
NVD
CVE-2026-22316
EUVD
EUVD-2026-12785
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability allows a remote attacker who already has user privileges for the web user interface (webUI) to exploit a stack-based buffer overflow by setting the TFTP Filename via a POST request.

By sending a specially crafted POST request to set the TFTP Filename, the attacker can trigger this buffer overflow.

This results in a denial of service (DoS) attack, causing the affected system or service to crash or become unavailable.

Impact Analysis

The primary impact of this vulnerability is a denial of service (DoS) condition.

An attacker with user privileges on the webUI can cause the affected system or service to crash or become unavailable by exploiting the buffer overflow.

This can disrupt normal operations and potentially cause downtime until the system is restored.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-22316. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart