Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
deltaww infrasuite device master vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-41772
Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior mishandle .ZIP archives containing characters used in path traversal. This path traversal could result in remote code execution.
Deltaww Infrasuite Device Master
9.8
CVSSv3
CVE-2022-41779
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize network packets without proper verification. If the device connects to an attacker-controlled server, the attacker could send maliciously crafted packets that would be deserialized and executed, ...
Deltaww Infrasuite Device Master
9.1
CVSSv3
CVE-2022-41629
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior allow unauthenticated users to access the aprunning endpoint, which could allow an malicious user to retrieve any file from the “RunningConfigs” directory. The attacker could then view and modify...
Deltaww Infrasuite Device Master
8.8
CVSSv3
CVE-2023-46690
In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an malicious user to write to any file to any location of the filesystem, which could lead to remote code execution.
Deltaww Infrasuite Device Master 1.0.7
8.8
CVSSv3
CVE-2023-1134
Delta Electronics InfraSuite Device Master versions before 1.0.5 are affected by a path traversal vulnerability, which could allow an malicious user to read local files, disclose plaintext credentials, and escalate privileges.
Deltaww Infrasuite Device Master
8.8
CVSSv3
CVE-2023-1137
Delta Electronics InfraSuite Device Master versions before 1.0.5 contain a vulnerability in which a low-level user could extract files and plaintext credentials of administrator users, resulting in privilege escalation.
Deltaww Infrasuite Device Master
8.8
CVSSv3
CVE-2023-1139
Delta Electronics InfraSuite Device Master versions before 1.0.5 are affected by a deserialization vulnerability targeting the Device-gateway service, which could allow deserialization of requests prior to authentication, resulting in remote code execution.
Deltaww Infrasuite Device Master
8.8
CVSSv3
CVE-2023-1141
Delta Electronics InfraSuite Device Master versions before 1.0.5 contain a command injection vulnerability that could allow an malicious user to inject arbitrary commands, which could result in remote code execution.
Deltaww Infrasuite Device Master
8.8
CVSSv3
CVE-2023-1143
In Delta Electronics InfraSuite Device Master versions before 1.0.5, an attacker could use Lua scripts, which could allow an malicious user to remotely execute arbitrary code.
Deltaww Infrasuite Device Master
8.8
CVSSv3
CVE-2023-1144
Delta Electronics InfraSuite Device Master versions before 1.0.5 contains an improper access control vulnerability in which an attacker can use the Device-Gateway service and bypass authorization, which could result in privilege escalation.
Deltaww Infrasuite Device Master
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »