CVE-2026-22320 PUBLISHED

Stack-Based Buffer Overflow in TFTP File-Transfer Command Handling over CLI

Assigner: CERTVDE
Reserved: 07.01.2026 Published: 18.03.2026 Updated: 18.03.2026

A stack-based buffer overflow in the CLI's TFTP file‑transfer command handling allows a low-privileged attacker with Telnet/SSH access to trigger memory corruption by supplying unexpected or oversized filename input. Exploitation results in the corruption of the internal buffer, causing the CLI and web dashboard to become unavailable and leading to a denial of service.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVSS Score: 6.5

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	None
Privileges Required	Low	Integrity Impact	None
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	Phoenix Contact
Product	FL SWITCH 2005
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL SWITCH 2008
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL SWITCH 2016
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL SWITCH 2105
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL SWITCH 2108
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL SWITCH 2116
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL SWITCH 2204-2TC-2SFX
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL SWITCH 2205
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL SWITCH 2206-2FX
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL SWITCH 2206-2FX SM
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL SWITCH 2206-2FX SM ST
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL SWITCH 2206-2FX ST
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL SWITCH 2206-2SFX
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL SWITCH 2206-2SFX PN
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL SWITCH 2206C-2FX
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL SWITCH 2207-FX
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL SWITCH 2207-FX SM
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL SWITCH 2208
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL SWITCH 2208 PN
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL SWITCH 2208C
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL SWITCH 2212-2TC-2SFX
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL SWITCH 2214-2FX
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL SWITCH 2214-2FX SM
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL SWITCH 2214-2SFX
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL SWITCH 2214-2SFX PN
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL SWITCH 2216
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL SWITCH 2216 PN
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL SWITCH 2304-2GC-2SFP
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL SWITCH 2306-2SFP
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL SWITCH 2306-2SFP PN
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL SWITCH 2308
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL SWITCH 2308 PN
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL SWITCH 2312-2GC-2SFP
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL SWITCH 2314-2SFP
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL SWITCH 2314-2SFP PN
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL SWITCH 2316
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL SWITCH 2316 PN
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL SWITCH 2404-2TC-2SFX
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL SWITCH 2406-2SFX
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL SWITCH 2406-2SFX PN
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL SWITCH 2408
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL SWITCH 2408 PN
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL SWITCH 2412-2TC-2SFX
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL SWITCH 2414-2SFX
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL SWITCH 2414-2SFX PN
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL SWITCH 2416
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL SWITCH 2416 PN
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL SWITCH 2504-2GC-2SFP
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL SWITCH 2506-2SFP
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL SWITCH 2506-2SFP PN
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL SWITCH 2508
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL SWITCH 2508 PN
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL SWITCH 2512-2GC-2SFP
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL SWITCH 2514-2SFP
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL SWITCH 2514-2SFP PN
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL SWITCH 2516
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL SWITCH 2516 PN
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL SWITCH 2608
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL SWITCH 2608 PN
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL SWITCH 2708
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL SWITCH 2708 PN
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL SWITCH 2303-8SP1
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL NAT 2008
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL NAT 2208
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL NAT 2304-2GC-2SFP
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL SWITCH 2008F
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL SWITCH 2316/K1
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL SWITCH 2506-2SFP/K1
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL SWITCH 2508/K1
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL SWITCH TSN 2316
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL SWITCH TSN 2312-2GC-2SFP
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL SWITCH TSN 2314-2SFP
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL SWITCH 5924-4GC
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL SWITCH 5916-8GC-4SFP+
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL SWITCH 5924SFP-4GC
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL SWITCH 5924-4SFP+
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Vendor	Phoenix Contact
Product	FL SWITCH 5916SFP-8GC-4SFP+
Versions	Default: unaffected affected from 0.0.0 to 3.53 (excl.)

Credits

Gabriele Quagliarella from Nozomi Networks finder

References

https://certvde.com/de/advisories/VDE-2025-104

Problem Types

CWE-121 Stack-based Buffer Overflow CWE