CVE-2026-22320 in FL SWITCH 2005
Summary
by MITRE • 03/18/2026
A stack-based buffer overflow in the CLI's TFTP file‑transfer command handling allows a low-privileged attacker with Telnet/SSH access to trigger memory corruption by supplying unexpected or oversized filename input. Exploitation results in the corruption of the internal buffer, causing the CLI and web dashboard to become unavailable and leading to a denial of service.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 03/22/2026
This vulnerability represents a critical stack-based buffer overflow flaw within the command line interface of network equipment, specifically affecting the TFTP file transfer command implementation. The vulnerability arises from insufficient input validation when processing filename arguments, allowing attackers to supply oversized or malformed input that exceeds the allocated buffer space on the stack. The flaw exists in the CLI's handling of TFTP operations where the system fails to properly bounds-check user-supplied filename data before copying it into internal memory buffers. This type of vulnerability is classified under CWE-121 Stack-based Buffer Overflow, which occurs when data is written beyond the bounds of a stack-allocated buffer, potentially overwriting adjacent memory locations including return addresses and stack canaries. The attack vector requires only low-privileged access via Telnet or SSH protocols, making it particularly dangerous as it can be exploited by users who already have legitimate access to the system. The vulnerability directly maps to ATT&CK technique T1210 Exploitation of Remote Services, where attackers leverage existing access to execute code or cause denial of service through buffer overflow conditions. The operational impact of this vulnerability extends beyond simple memory corruption, as the exploitation results in complete service unavailability for both the command line interface and web dashboard components. When the buffer overflow occurs, it corrupts the internal buffer structure and potentially overwrites critical program state information, leading to application crashes and system instability. The resulting denial of service affects both administrative interfaces, rendering the device effectively unusable for legitimate administrative tasks and compromising the availability of network services. The vulnerability's severity is amplified by its accessibility through standard remote access protocols, meaning that any user with Telnet or SSH credentials could potentially trigger the condition. Network administrators face significant operational risks as this flaw can be exploited to disrupt critical network infrastructure, particularly in environments where network equipment is accessed remotely and where availability of management interfaces is crucial for system maintenance and monitoring operations. The exploitability of this vulnerability is further enhanced by the fact that it requires no specialized tools or elevated privileges beyond existing access, making it accessible to a broad range of potential attackers. Mitigation strategies should focus on implementing proper input validation and bounds checking mechanisms, applying firmware updates from vendors, and implementing network segmentation to limit access to management interfaces. Additionally, monitoring for unusual TFTP command usage patterns and implementing robust logging of CLI activities can help detect potential exploitation attempts. The vulnerability demonstrates the importance of defensive programming practices and proper memory management in network equipment, particularly in administrative interfaces that handle user-supplied data. Organizations should also consider implementing network access controls and privilege escalation restrictions to limit the potential impact of such vulnerabilities, while ensuring that all network equipment receives regular security updates and security assessments.