PT-2022-6344 · Delta Electronics · Dx-2100-L1-Cn
Thomas Weber
·
Published
2022-12-13
·
Updated
2023-02-02
·
CVE-2022-42140
CVSS v2.0
8.3
High
| Vector | AV:N/AC:L/Au:M/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Delta Electronics DX-2100-L1-CN version 2.42
Description
The issue exists due to the lack of neutralization of special elements used in the operating system command by the lform/net diagnose component of the Delta Electronics DX-2100-L1-CN router's firmware. This can allow a remote attacker to execute arbitrary commands.
Recommendations
For Delta Electronics DX-2100-L1-CN version 2.42, as a temporary workaround, consider disabling the
lform/net diagnose component until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Dx-2100-L1-Cn