CVE-2026-3823
Published: 09 March 2026
Summary
CVE-2026-3823 is a critical-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Blackbeartechhive Atop Ehg2408 Firmware. Its CVSS base score is 9.3 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 47.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2026-3823 is a stack-based buffer overflow vulnerability affecting the EHG2408 series switch developed by Atop Technologies. Published on 2026-03-09T07:16:04.420, the flaw is linked to CWE-121 (Stack-based Buffer Overflow) and CWE-787 (Out-of-bounds Write), earning a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Unauthenticated remote attackers with low privileges can exploit this vulnerability over the network with low complexity and no user interaction. Successful exploitation enables control of the program's execution flow, allowing arbitrary code execution with high impacts on confidentiality, integrity, and availability.
Advisories from TWCERT/CC provide further details on the vulnerability, available at https://www.twcert.org.tw/en/cp-139-10753-e091e-2.html and https://www.twcert.org.tw/tw/cp-132-10752-5a4d9-1.html.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-10301
Vulnerability details
EHG2408 series switch developed by Atop Technologies has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to control the program's execution flow and execute arbitrary code.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote unauthenticated/low-priv stack buffer overflow on network switch management interface directly enables T1190 (public-facing exploit for initial access) and T1210 (remote service exploitation); resulting arbitrary code execution with full impact constitutes T1068 (privilege escalation via vuln).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires timely identification, reporting, and correction of software flaws like this stack-based buffer overflow to prevent arbitrary code execution.
Implements memory protections such as stack canaries, ASLR, and DEP to block exploitation of stack-based buffer overflows leading to control of execution flow.
Mandates validation and sanitization of inputs to prevent oversized or malformed data from triggering the stack-based buffer overflow vulnerability.