CVE-2026-3823

Critical

Published: 09 March 2026

Modified: 10 March 2026
CVSS Score v4: 9.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0068 (47.6th percentile)
Risk Priority: 70 (floored blend · peak EPSS)

Summary

CVE-2026-3823 is a critical-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Blackbeartechhive Atop Ehg2408 Firmware. Its CVSS base score is 9.3 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 47.6th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2026-3823 is a stack-based buffer overflow vulnerability affecting the EHG2408 series switch developed by Atop Technologies. Published on 2026-03-09T07:16:04.420, the flaw is linked to CWE-121 (Stack-based Buffer Overflow) and CWE-787 (Out-of-bounds Write), earning a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

Remote attackers can exploit this vulnerability over the network with low complexity and no user interaction. The CVSS v3.1 vector rates the required privileges as low (PR:L), whereas the vendor description and the CVSS v4 vector (PR:N) describe the attacker as unauthenticated. Successful exploitation enables control of the program's execution flow, allowing arbitrary code execution with high impacts on confidentiality, integrity, and availability.

Advisories from TWCERT/CC provide further details on the vulnerability, available at https://www.twcert.org.tw/en/cp-139-10753-e091e-2.html and https://www.twcert.org.tw/tw/cp-132-10752-5a4d9-1.html.

Vulnerability details

EHG2408 series switch developed by Atop Technologies has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to control the program's execution flow and execute arbitrary code.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190: Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1068: Exploitation for Privilege Escalation (Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

T1210: Exploitation of Remote Services (Lateral Movement)
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.

Why these techniques?

A remote, unauthenticated/low-privilege stack buffer overflow on a network switch management interface directly enables T1190 (exploitation of a public-facing application for initial access) and T1210 (exploitation of a remote service). The resulting arbitrary code execution with full impact constitutes T1068 (privilege escalation via a vulnerability).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-30814: shared CWE-121, CWE-787
CVE-2026-26731: shared CWE-121, CWE-787
CVE-2026-8053: shared CWE-787
CVE-2025-26507: shared CWE-121
CVE-2025-0283: shared CWE-121, CWE-787
CVE-2025-2263: shared CWE-121, CWE-787
CVE-2025-34468: shared CWE-121, CWE-787
CVE-2025-1539: shared CWE-121, CWE-787
CVE-2026-4974: shared CWE-121, CWE-787
CVE-2025-20797: shared CWE-121, CWE-787

Affected Assets

blackbeartechhive · atop ehg2408 firmware · ≤ 3.36
blackbeartechhive · atop ehg2408-2sfp firmware · ≤ 3.36

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

Prevent: Directly requires timely identification, reporting, and correction of software flaws like this stack-based buffer overflow to prevent arbitrary code execution.

Prevent: Implements memory protections such as stack canaries, ASLR, and DEP to block exploitation of stack-based buffer overflows leading to control of execution flow.

Prevent: Mandates validation and sanitization of inputs to prevent oversized or malformed data from triggering the stack-based buffer overflow vulnerability.
