CVE-2023-47279

Name of the Vulnerable Software and Affected Versions Delta Electronics InfraSuite Device Master version 1.0.7

Description A vulnerability exists in Delta Electronics InfraSuite Device Master that allows an unauthenticated attacker to disclose user information through a single UDP packet, obtain plaintext credentials, or perform NTLM relaying. The issue is related to incorrect restriction of the directory path name, which can be exploited by a remote attacker.

Recommendations For version 1.0.7, consider restricting access to the vulnerable component until a patch is available. As a temporary workaround, avoid using the affected functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.