VYPR

InfraSuite Device Master

by Delta Electronics

CVEs (32)

  • CVE-2022-41779HigOct 31, 2022
    risk 0.57cvss 8.8epss 0.01

    Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize network packets without proper verification. If the device connects to an attacker-controlled server, the attacker could send maliciously crafted packets that would be deserialized and executed,…

  • CVE-2022-41644HigOct 31, 2022
    risk 0.57cvss 8.8epss 0.01

    Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lacks authentication for a function that changes group privileges. An attacker could use this to create a denial-of-service state or escalate their own privileges.

  • CVE-2023-1145HigMar 27, 2023
    risk 0.51cvss 7.8epss 0.00

    Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a deserialization vulnerability targeting the Device-DataCollect service, which could allow deserialization of requests prior to authentication, resulting in remote code execution.

  • CVE-2023-1135HigMar 27, 2023
    risk 0.51cvss 7.8epss 0.00

    In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could set incorrect directory permissions, which could result in local privilege escalation.

  • CVE-2023-47279HigNov 30, 2023
    risk 0.49cvss 7.5epss 0.01

    In Delta Electronics InfraSuite Device Master v.1.0.7, A vulnerability exists that allows an unauthenticated attacker to disclose user information through a single UDP packet, obtain plaintext credentials, or perform NTLM relaying.

  • CVE-2023-1142HigMar 27, 2023
    risk 0.49cvss 7.5epss 0.01

    In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use URL decoding to retrieve system files, credentials, and bypass authentication resulting in privilege escalation.

  • CVE-2023-1138HigMar 27, 2023
    risk 0.49cvss 7.5epss 0.01

    Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain an improper access control vulnerability, which could allow an attacker to retrieve Gateway configuration files to obtain plaintext credentials.

  • CVE-2022-41776HigOct 31, 2022
    risk 0.49cvss 7.5epss 0.01

    Delta Electronics InfraSuite Device Master versions 00.00.01a and prior allow unauthenticated users to trigger the WriteConfiguration method, which could allow an attacker to provide new values for user configuration files such as UserListInfo.xml. This could lead to the…

  • CVE-2022-41629HigOct 31, 2022
    risk 0.49cvss 7.5epss 0.01

    Delta Electronics InfraSuite Device Master versions 00.00.01a and prior allow unauthenticated users to access the aprunning endpoint, which could allow an attacker to retrieve any file from the “RunningConfigs” directory. The attacker could then view and modify…

  • CVE-2023-1134HigMar 27, 2023
    risk 0.46cvss 7.1epss 0.01

    Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a path traversal vulnerability, which could allow an attacker to read local files, disclose plaintext credentials, and escalate privileges.

  • CVE-2023-34316MedJul 10, 2023
    risk 0.42cvss 6.5epss 0.01

    ​An attacker could bypass the latest Delta Electronics InfraSuite Device Master (versions prior to 1.0.7) patch, which could allow an attacker to retrieve file contents.

  • CVE-2023-1137MedMar 27, 2023
    risk 0.42cvss 6.5epss 0.01

    Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which a low-level user could extract files and plaintext credentials of administrator users, resulting in privilege escalation.

Page 2 of 2