Delta Electronics DIALink versions 1.2.4.0 and prior stores sensitive information in cleartext, which may allow an attacker to have extensive access to the application directory and escalate privileges.
oryginał ENCVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HDeltaww Dialink
APPDeltaww≤ 1.2.4.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
LPE
CWE
Powiązane podatności
CVE-2025-58321CRITICAL10.0PL ✓ten sam produkt
Delta Electronics DIALink — path traversal umożliwiający ominięcie uwierzytelnienia
CVE-2022-2660CRITICAL9.8ten sam produkt
Delta Industrial Automation DIALink versions 1.4.0.0 and prior are vulnerable to the use of a hard-coded crypt...
CVE-2025-58320HIGH7.3ten sam produkt
Delta Electronics DIALink has an Directory Traversal Authentication Bypass Vulnerability.
CVE-2022-2969HIGH8.1ten sam produkt
Delta Industrial Automation DIALink versions prior to v1.5.0.0 Beta 4 uses an external input to construct a pa...
CVE-2021-38418HIGH8.8ten sam produkt
Delta Electronics DIALink versions 1.2.4.0 and prior runs by default on HTTP, which may allow an attacker to b...