PT-2022-25993 · Delta Electronics · Infrasuite Device Master

Kimiya · Published 2022-10-27 · Updated 2022-11-02 · CVE-2022-41629

CVSS v3.1: 9.1 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Delta Electronics InfraSuite Device Master versions 00.00.01a and prior

Description

The issue allows unauthenticated users to access the "aprunning" endpoint, potentially enabling an attacker to retrieve any file from the "RunningConfigs" directory. This could lead to the viewing and modification of configuration files, such as UserListInfo.xml, which contains existing administrative passwords.

Recommendations

For Delta Electronics InfraSuite Device Master versions 00.00.01a and prior, consider restricting access to the "aprunning" endpoint as a temporary workaround until a patch is available. Additionally, limit access to the "RunningConfigs" directory and sensitive files like UserListInfo.xml to minimize the risk of exploitation.

Fix

Missing Authentication

Weakness Enumeration

Related Identifiers

CVE-2022-41629
ZDI-22-1488

Affected Products

Infrasuite Device Master