CVE-2023-1142

Name of the Vulnerable Software and Affected Versions Delta Electronics InfraSuite Device Master versions prior to 1.0.5

Description The issue allows an attacker to retrieve system files, credentials, and bypass authentication, resulting in privilege escalation. This can be achieved through URL decoding. Additionally, the vulnerability is related to the restoration of unreliable data in memory, which can be exploited by a remote attacker to execute arbitrary code using specially crafted UDP packets.

Recommendations For versions prior to 1.0.5, update to version 1.0.5 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive system files and credentials to minimize the risk of exploitation. Avoid using URL decoding to retrieve system files until the issue is resolved.