PT-2021-22121 · Delta Electronics · Dialink

Michael Heinzl

Published

2021-11-03

Updated

2021-11-05

CVE-2021-38424

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Delta Electronics DIALink versions 1.2.4.0 and prior

Description The issue allows an attacker to inject formulas into the tag data through the tag interface. These formulas can then be executed when the data is opened with a spreadsheet application.

Recommendations For Delta Electronics DIALink versions 1.2.4.0 and prior, consider disabling the tag interface functionality until a patch is available to prevent the injection and execution of malicious formulas.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-1236

Related Identifiers

CVE-2021-38424

Affected Products

Dialink

PT-2021-22121 · Delta Electronics · Dialink

CVE-2021-38424

Weakness Enumeration

Related Identifiers

Affected Products

References · 4