CVE-2026-22321 in FL SWITCH 2005
Summary
by MITRE • 03/18/2026
A stack-based buffer overflow in the device's Telnet/SSH CLI login routine occurs when a unauthenticated attacker send an oversized or unexpected username input. An overflow condition crashes the thread handling the login attempt, forcing the session to close. Because other CLI sessions remain unaffected, the impact is limited to a low‑severity availability disruption.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 03/22/2026
This vulnerability represents a stack-based buffer overflow within the command line interface login mechanism of network devices that support both telnet and ssh protocols. The flaw manifests when an unauthenticated attacker submits an oversized or malformed username input during the authentication process. The vulnerability resides in the device's login routine where insufficient input validation allows maliciously crafted username data to exceed the allocated stack buffer space, leading to memory corruption. According to CWE-121, this constitutes a classic stack buffer overflow condition where the program fails to properly bounds-check user-supplied input before copying it into a fixed-size buffer. The attack vector specifically targets the authentication phase of network device access, exploiting the lack of proper input sanitization in the cli login handler. The implementation follows standard network device security patterns where telnet and ssh protocols share common authentication routines, making the vulnerability applicable across multiple access methods. The exploitation requires minimal privileges since the attack targets an unauthenticated state, aligning with ATT&CK technique T1110.001 for credential access through brute force or password guessing.
The operational impact of this vulnerability manifests as a thread-level crash within the device's authentication handling process. When the oversized username input triggers the buffer overflow, the affected thread terminates abruptly, causing the current login session to close immediately. This disruption affects only the specific login attempt and does not compromise the overall device functionality or security posture. Other concurrent cli sessions remain fully operational, preventing cascading failures throughout the device's network management capabilities. The limited scope of impact aligns with the low severity classification, as the vulnerability does not provide privilege escalation or data compromise capabilities. However, the availability disruption can be leveraged as a denial-of-service vector, particularly in environments where device accessibility is critical for network operations. The device's response to the overflow condition follows typical stack corruption behavior where the program's execution flow becomes unpredictable, resulting in immediate thread termination rather than graceful error handling.
Mitigation strategies for this vulnerability should focus on implementing robust input validation mechanisms within the cli login routines. The primary defense involves enforcing strict bounds checking on all user-supplied input before processing, ensuring that username lengths cannot exceed predefined maximum limits. Network administrators should configure devices to reject login attempts with oversized credentials and implement rate limiting to prevent automated exploitation attempts. The implementation should follow security best practices for buffer management and input sanitization, including the use of secure coding techniques that prevent stack-based buffer overflows. Device vendors should consider implementing automatic session cleanup mechanisms that can detect and recover from thread termination conditions without requiring manual intervention. Regular firmware updates and security patches should address the underlying code vulnerabilities, while network monitoring solutions should be configured to detect unusual login patterns that may indicate exploitation attempts. The vulnerability's characteristics align with standard defensive measures recommended for network device security, including the implementation of secure programming practices and comprehensive input validation controls that protect against similar buffer overflow conditions across multiple protocol implementations.