CVE-2026-3697: Stack-based Buffer Overflow in Planet ICG-2510
A vulnerability was identified in Planet ICG-2510 1.0_20250811. The affected element is the function sub_40C8E4 in the file /usr/sbin/httpd, part of the Language Package Configuration Handler component. Manipulating the argument Language can lead to a stack-based buffer overflow. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.
AI Analysis
Technical Summary
CVE-2026-3697 is a stack-based buffer overflow vulnerability identified in the Planet ICG-2510 device, version 1.0_20250811. The vulnerability exists in the function sub_40C8E4 of the /usr/sbin/httpd executable, which handles the Language Package Configuration. Specifically, the vulnerability is triggered by improper validation of the 'Language' argument, allowing an attacker to overflow the stack buffer remotely. This overflow can potentially lead to arbitrary code execution or cause a denial of service by crashing the service. The attack vector is network-based (AV:N), requiring low attack complexity (AC:L) and no user interaction (UI:N), but it does require low privileges (PR:L) on the device. The impact on confidentiality, integrity, and availability is limited but present (VC:L, VI:L, VA:L). The vendor has been contacted but has not provided any response or patch, and no known exploits have been reported in the wild. The vulnerability is scored 5.3 on the CVSS 4.0 scale, reflecting medium severity. Given the device's role in network infrastructure, exploitation could disrupt services or compromise device integrity.
Potential Impact
The potential impact of CVE-2026-3697 includes unauthorized code execution, service disruption, and partial compromise of device confidentiality and integrity. Organizations deploying Planet ICG-2510 devices may face risks such as denial of service or unauthorized access to device functions if the flaw is exploited. Since the vulnerability can be triggered remotely without user interaction, attackers could leverage it to gain a foothold within network environments, potentially moving laterally or disrupting critical services. The lack of vendor response and absence of patches prolong the exposure window. While the impact is rated medium, the strategic role of these devices in network management could amplify consequences in critical infrastructure, telecommunications, or enterprise environments. The vulnerability could be leveraged in targeted attacks against organizations relying on this hardware, especially where devices are internet-facing or poorly segmented.
Mitigation Recommendations
Given the absence of vendor patches, organizations should implement compensating controls immediately. These include isolating Planet ICG-2510 devices from untrusted networks, restricting network access to management interfaces via firewalls or VPNs, and monitoring network traffic for anomalous requests targeting the Language Package Configuration Handler. Employ network intrusion detection systems (NIDS) with custom signatures to detect attempts to exploit the buffer overflow. Regularly audit device firmware versions and configurations to identify affected units. If possible, disable or restrict the vulnerable service or component until a patch is available. Engage with the vendor for updates and consider alternative hardware if timely remediation is not forthcoming. Additionally, implement strict access controls and logging to detect and respond to suspicious activities promptly.
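The monitoring recommendation above can be prototyped before it is turned into a NIDS or reverse-proxy rule. The following Python check is an added example, not part of the advisory or any vendor tooling: it inspects a raw HTTP request and reports when the Language argument is overlong or carries non-printable bytes. The 32-character limit, the placeholder endpoint path, and the assumption that the argument arrives as a query-string or form field are all illustrative, since the page gives none of these details.

```python
from urllib.parse import parse_qsl

PARAM = "Language"  # argument name given in the advisory
# Assumption: legitimate language identifiers are short printable tokens.
# The advisory states no buffer size, so tune this limit to observed traffic.
MAX_LANGUAGE_LEN = 32

# Constructed sample requests; the path is a placeholder, not the device's real URL.
SAMPLES = {
    "normal": b"POST /placeholder HTTP/1.1\r\nHost: gw\r\n\r\nLanguage=en",
    "overlong": b"POST /placeholder HTTP/1.1\r\nHost: gw\r\n\r\nLanguage=" + b"A" * 300,
    "binary": b"GET /placeholder?Language=en%00%90 HTTP/1.1\r\nHost: gw\r\n\r\n",
}


def language_values(raw_request):
    """Yield each decoded Language value from the query string and form body."""
    head, _, body = raw_request.partition(b"\r\n\r\n")
    request_line = head.split(b"\r\n", 1)[0].decode("latin-1")
    parts = request_line.split(" ")
    target = parts[1] if len(parts) >= 2 else ""
    query = target.partition("?")[2]
    for blob in (query, body.decode("latin-1")):
        # latin-1 maps each percent-decoded byte to one character, so len() counts bytes.
        for key, value in parse_qsl(blob, keep_blank_values=True, encoding="latin-1"):
            if key == PARAM:
                yield value


def check_request(raw_request):
    """Return the reasons a request looks suspicious (empty list if clean)."""
    reasons = []
    for value in language_values(raw_request):
        if len(value) > MAX_LANGUAGE_LEN:
            reasons.append(f"{PARAM} length {len(value)} exceeds {MAX_LANGUAGE_LEN}")
        if any(not (0x20 <= ord(ch) < 0x7F) for ch in value):
            reasons.append(f"{PARAM} contains non-printable bytes")
    return reasons


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, check_request(raw) or "ok")
```

The same two conditions (length bound and printable-character check on the decoded value) translate directly into a proxy or IDS rule placed in front of the management interface.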
Affected Countries
United States, Germany, South Korea, Japan, China, United Kingdom, France, Canada, Australia, India
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2026-03-07T08:42:47.052Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 69acdd752904315ca34c988e
Added to database: 3/8/2026, 2:22:45 AM
Last enriched: 3/15/2026, 9:20:46 AM
Last updated: 4/21/2026, 8:02:28 AM