Delta Electronics InfraSuite Device Master Path Traversal
CVE-2023-46690
8.8HIGH
What is CVE-2023-46690?
In Delta Electronics InfraSuite Device Master version 1.0.7, a vulnerability has been identified that allows attackers to execute arbitrary file writes to any location on the filesystem. This flaw poses significant risks, as it can potentially facilitate remote code execution, enabling malicious actors to compromise affected systems. Proper measures and patches should be implemented to mitigate this vulnerability.
Affected Version(s)
InfraSuite Device Master 0 <= 1.0.7
References
CVSS V3.1
Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
hir0ot and Piotr Bazydlo (@chudypb) working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA.