PT-2023-7641 · Delta Electronics · Infrasuite Device Master
Hir0Ot
+1
·
Published
2023-11-28
·
Updated
2023-12-11
·
CVE-2023-46690
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Delta Electronics InfraSuite Device Master version 1.0.7
Description
A vulnerability exists in Delta Electronics InfraSuite Device Master that allows an attacker to write to any file in any location of the filesystem, potentially leading to remote code execution. This issue arises due to incorrect restriction of the directory path name with limited access. The exploitation of this vulnerability could enable a remote attacker to execute arbitrary code.
Recommendations
For version 1.0.7, update to a newer version that contains a fix for this issue, as the current version allows for directory traversal and remote code execution.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Infrasuite Device Master