Remote Code Execution Vulnerability in Delta Electronics InfraSuite Device Master

Remote Code Execution Vulnerability in Delta Electronics InfraSuite Device Master

CVE-2023-1133 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which the Device-status service listens on port 10100/ UDP by default. The service accepts the unverified UDP packets and deserializes the content, which could allow an unauthenticated attacker to remotely execute arbitrary code.

Learn more about our Web Application Penetration Testing UK.