PT-2021-22115 · Delta Electronics · Dialink
Michael Heinzl · Published 2021-11-03 · Updated 2021-11-05 · CVE-2021-38411
CVSS v3.1: 5.5 (Medium)
Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Delta Electronics DIALink versions 1.2.4.0 and prior
Description
The issue allows an authenticated attacker to inject arbitrary JavaScript code into the deviceName parameter of the "modbusWriter-Reader" API, potentially enabling remote code execution.
Recommendations
For Delta Electronics DIALink versions 1.2.4.0 and prior, consider disabling the modbusWriter-Reader API or restricting access to the deviceName parameter until a patch is available.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Dialink