Lucene search
Piotr Bazydlo (@chudypb) of Trend Micro Zero Day InitiativeZDI-23-083HistoryJan 18, 2023 - 12:00 a.m.
Delta Electronics InfraSuite Device Master ExeCommandInCommandLineMode Exposed Dangerous Function Remote Code Execution Vulnerability
2023-01-1800:00:00
Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative
www.zerodayinitiative.com
20
delta electronics
infrasuite device master
execommandincommandlinemode
dangerous function
remote code execution
vulnerability
authentication bypass
EPSS
0.004
Percentile
73.3%
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics InfraSuite Device Master. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the ExeCommandInCommandLineMode function. The issue results from an exposed dangerous function. An attacker can leverage this vulnerability to execute code in the context of an administrator.
Related
nvd
nvd
CVE-2022-40202
2022-10-31 20:15:12
zdi
zdi
cve
cve
CVE-2022-40202
2022-10-31 20:15:12
prion
prion
Remote code execution
2022-10-31 20:15:00
cvelist
cvelist
CVE-2022-40202
2022-10-31 19:35:08
ics
ics
Delta Electronics InfraSuite Device Master (Update A)
2023-01-18 12:00:00