PT-2022-6253 · Delta Electronics · Delta Electronics Dvw-W02W2-E2

Thomas Weber · Published 2022-12-13 · Updated 2023-02-02 · CVE-2022-42139

CVSS v2.0: 9.0 High

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Delta Electronics DVW-W02W2-E2 version 1.5.0.10

Description

The web server of the Delta Electronics DVW-W02W2-E2 device is vulnerable to command injection via crafted URLs. Because special elements are not neutralized, a remote attacker can execute arbitrary commands and gain full control of the system by sending specially crafted requests.

Recommendations

For Delta Electronics DVW-W02W2-E2 version 1.5.0.10, consider disabling access to the web server interface until a patch is available, to prevent exploitation of the command injection vulnerability. Restrict access to the device to minimize the risk of exploitation. Avoid using crafted URLs that could trigger the command injection vulnerability until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

OS Command Injection

Weakness Enumeration

Related Identifiers

BDU:2023-00664
CVE-2022-42139

Affected Products

Delta Electronics Dvw-W02W2-E2