PT-2023-6856 · Delta · Delta Dx-3021

Anurag M. Chevendra

Publicado

2023-01-12

Atualizado

2023-01-20

CVE-2022-4616

CVSS v2.0

9.4

Crítica

Vetor

AV:N/AC:L/Au:N/C:N/I:C/A:C

Name of the Vulnerable Software and Affected Versions Delta DX-3021 versions prior to 1.24

Description The webserver in Delta DX-3021 is vulnerable to command injection through the network diagnosis page. This issue could allow a remote unauthenticated user to add files, delete files, and change file permissions. The vulnerability exists due to insufficient input validation, which can be exploited by a remote attacker to modify data.

Recommendations For versions prior to 1.24, update to version 1.24 or later to resolve the issue. As a temporary workaround, consider restricting access to the network diagnosis page until a patch is available. Avoid using the network diagnosis page for sensitive operations until the issue is resolved.

Correção

Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-77

Identificadores relacionados

BDU:2023-07867

CVE-2022-4616

Produtos afetados

Delta Dx-3021

PT-2023-6856 · Delta · Delta Dx-3021

CVE-2022-4616

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8