CVE-2022-41657

Name of the Vulnerable Software and Affected Versions Delta Electronics InfraSuite Device Master version 00.00.01a and prior

Description The issue allows an attacker to use provided data already serialized into memory for file operations through application programmable interfaces (APIs). This could lead to the creation of arbitrary files, which could be used in API operations and potentially result in remote code execution.

Recommendations For Delta Electronics InfraSuite Device Master version 00.00.01a and prior, consider disabling the CtrlLayerNWCmd FileOperation function until a patch is available to prevent directory traversal and remote code execution. Restrict access to the vulnerable CtrlLayerNWCmd FileOperation module to minimize the risk of exploitation. Avoid using the Opcode 512 in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.