Answer Brief
TWCERT/CC published a TVN advisory for a critical stack-based buffer overflow in ShangShang Technology’s EHG2408 series Ethernet switches. The flaw (CVE-2026-3823, CVSS 9.8) is reachable over the network without authentication and could allow remote attackers to hijack execution flow and run arbitrary code. Affected users are advised to upgrade to firmware v3.36 or later.

Why It Matters
This advisory is notable because it describes a network-reachable, unauthenticated memory corruption issue in an Ethernet switching product line used in infrastructure environments. TWCERT/CC states that an attacker can remotely control the program’s execution flow and achieve arbitrary code execution, which elevates the risk from simple device instability to potential device takeover.
For global security and infrastructure teams, Taiwan’s TVN disclosures matter because many industrial networking components are deployed across multinational supply chains and may be managed by distributed integrators, making asset visibility and firmware hygiene difficult. A critical pre-auth RCE in edge switching gear can become an initial access path into segmented environments or a way to disrupt plant-floor connectivity, depending on how and where the device is deployed.
The advisory text does not describe exploitation in the wild or provide proof-of-concept details. The concrete mitigation given is to update impacted EHG2408/EHG2408-2SFP devices to firmware v3.36 or later.
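To act on that mitigation, the sketch below triages a switch inventory against the advisory's affected models and fixed firmware version. It is an added example, not code from TWCERT/CC or the vendor. The hostnames and firmware strings are constructed, and it assumes firmware versions are dotted numbers compared component by component (so v3.4 is older than v3.36).

```python
import re

# From the advisory: affected models and the first fixed firmware release.
AFFECTED_MODELS = {"EHG2408", "EHG2408-2SFP"}
FIXED_VERSION = (3, 36)


def parse_version(text):
    """Return a tuple of ints for strings like 'v3.36' or '3.4', else None."""
    m = re.fullmatch(r"[vV]?(\d+(?:\.\d+)*)", (text or "").strip())
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def triage(model, firmware):
    """Classify one inventory record against CVE-2026-3823."""
    if model.strip().upper() not in AFFECTED_MODELS:
        return "not-affected-model"
    version = parse_version(firmware)
    if version is None:
        # Unreadable or missing version: never assume the device is patched.
        return "verify-manually"
    # Pad with zeros so that '3.36' and '3.36.0' compare as equal.
    width = max(len(version), len(FIXED_VERSION))
    padded = version + (0,) * (width - len(version))
    fixed = FIXED_VERSION + (0,) * (width - len(FIXED_VERSION))
    # Tuple comparison avoids the string pitfall where "3.4" sorts after "3.36".
    return "vulnerable" if padded < fixed else "fixed"


# Constructed sample inventory: (hostname, model, reported firmware).
INVENTORY = [
    ("sw-line1-a", "EHG2408", "v3.35"),
    ("sw-line1-b", "EHG2408-2SFP", "3.4"),
    ("sw-line2-a", "ehg2408", "v3.36"),
    ("sw-line2-b", "EHG2408-2SFP", "unknown"),
    ("sw-core-01", "OTHER-SWITCH", "v1.0"),
]


def report(inventory):
    """Map each hostname to its triage status."""
    return {host: triage(model, fw) for host, model, fw in inventory}


if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host:12} {status}")
```

Records that come back as `verify-manually` should be checked on the device itself before being counted as patched.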
Event Type: security
Importance: high
Affected Companies
- ShangShang Technology (上尚科技)
Affected Sectors
- Cybersecurity
- Industrial networking
- Network infrastructure
- OT/ICS
Key Numbers
- CVE: CVE-2026-3823
- TVN ID: TVN-202603004
- CVSS v3.1: 9.8 (Critical)
- Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Affected firmware: EHG2408/EHG2408-2SFP firmware versions earlier than v3.36
- Fixed firmware: v3.36 and later
- Public disclosure date: 2026-03-09
Timeline
- TWCERT/CC publishes TVN-202603004 for CVE-2026-3823 affecting ShangShang Technology EHG2408 series switches.