Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Infrasuite_device_master
(Deltaww)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 31 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-03-27 | CVE-2023-1136 | In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an unauthenticated attacker could generate a valid token, which would lead to authentication bypass. | Infrasuite_device_master | 7.5 | ||
| 2023-03-27 | CVE-2023-1142 | In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use URL decoding to retrieve system files, credentials, and bypass authentication resulting in privilege escalation. | Infrasuite_device_master | 9.8 | ||
| 2023-03-27 | CVE-2023-1138 | Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain an improper access control vulnerability, which could allow an attacker to retrieve Gateway configuration files to obtain plaintext credentials. | Infrasuite_device_master | 7.5 | ||
| 2023-03-27 | CVE-2023-1139 | Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a deserialization vulnerability targeting the Device-gateway service, which could allow deserialization of requests prior to authentication, resulting in remote code execution. | Infrasuite_device_master | 8.8 | ||
| 2023-03-27 | CVE-2023-1140 | Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability that could allow an attacker to achieve unauthenticated remote code execution in the context of an administrator. | Infrasuite_device_master | 9.8 | ||
| 2023-03-27 | CVE-2023-1141 | Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a command injection vulnerability that could allow an attacker to inject arbitrary commands, which could result in remote code execution. | Infrasuite_device_master | 8.8 | ||
| 2023-07-10 | CVE-2023-34347 | ?Delta Electronics InfraSuite Device Master versions prior to 1.0.7 contains classes that cannot be deserialized, which could allow an attack to remotely execute arbitrary code. | Infrasuite_device_master | 9.8 | ||
| 2023-11-30 | CVE-2023-39226 | In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an unauthenticated attacker to execute arbitrary code through a single UDP packet. | Infrasuite_device_master | 9.8 | ||
| 2023-11-30 | CVE-2023-46690 | In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an attacker to write to any file to any location of the filesystem, which could lead to remote code execution. | Infrasuite_device_master | 8.8 | ||
| 2023-11-30 | CVE-2023-47279 | In Delta Electronics InfraSuite Device Master v.1.0.7, A vulnerability exists that allows an unauthenticated attacker to disclose user information through a single UDP packet, obtain plaintext credentials, or perform NTLM relaying. | Infrasuite_device_master | 7.5 |