Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
deltaww infrasuite device master vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-40202
The database backup function in Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior lacks proper authentication. An attacker could provide malicious serialized objects which, when deserialized, could activate an opcode for a backup scheduling function without...
Deltaww Infrasuite Device Master
9.8
CVSSv3
CVE-2022-41772
Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior mishandle .ZIP archives containing characters used in path traversal. This path traversal could result in remote code execution.
Deltaww Infrasuite Device Master
9.8
CVSSv3
CVE-2023-1133
Delta Electronics InfraSuite Device Master versions before 1.0.5 contain a vulnerability in which the Device-status service listens on port 10100/ UDP by default. The service accepts the unverified UDP packets and deserializes the content, which could allow an unauthenticated mal...
Deltaww Infrasuite Device Master
7.8
CVSSv3
CVE-2023-1135
In Delta Electronics InfraSuite Device Master versions before 1.0.5, an attacker could set incorrect directory permissions, which could result in local privilege escalation.
Deltaww Infrasuite Device Master
8.8
CVSSv3
CVE-2023-1137
Delta Electronics InfraSuite Device Master versions before 1.0.5 contain a vulnerability in which a low-level user could extract files and plaintext credentials of administrator users, resulting in privilege escalation.
Deltaww Infrasuite Device Master
9.8
CVSSv3
CVE-2023-1140
Delta Electronics InfraSuite Device Master versions before 1.0.5 contain a vulnerability that could allow an malicious user to achieve unauthenticated remote code execution in the context of an administrator.
Deltaww Infrasuite Device Master
8.8
CVSSv3
CVE-2023-1143
In Delta Electronics InfraSuite Device Master versions before 1.0.5, an attacker could use Lua scripts, which could allow an malicious user to remotely execute arbitrary code.
Deltaww Infrasuite Device Master
8.8
CVSSv3
CVE-2023-1144
Delta Electronics InfraSuite Device Master versions before 1.0.5 contains an improper access control vulnerability in which an attacker can use the Device-Gateway service and bypass authorization, which could result in privilege escalation.
Deltaww Infrasuite Device Master
9.8
CVSSv3
CVE-2022-38142
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize user-supplied data provided through the Device-Gateway service port without proper verification. An attacker could provide malicious serialized objects to execute arbitrary code upon deserializat...
Deltaww Infrasuite Device Master
8.8
CVSSv3
CVE-2022-41644
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lacks authentication for a function that changes group privileges. An attacker could use this to create a denial-of-service state or escalate their own privileges.
Deltaww Infrasuite Device Master
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671
unauthorized
CVE-2024-4776
CVE-2024-3407
CVE-2024-26026
CVE-2024-32888
wireless
CVE-2024-4656
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »