Delta Electronics DIALink has an Directory Traversal Authentication Bypass Vulnerability.
The vulnerability classified as CWE-22 (path traversal) allows an attacker to craft a network request containing directory path navigation sequences (e.g., '../') that enable access to resources outside the allowed application area. As a result, the authentication mechanism is bypassed — the attacker gains unauthorized access without providing correct login credentials. The attack vector is network-based, requires no privileges or user interaction, and the scope of impact extends beyond the application itself (Scope: Changed).
Successful exploitation of this vulnerability allows an attacker to completely compromise the confidentiality, integrity, and availability of the system — they can read, modify, or destroy data and disrupt service without any prior authentication.
Apply patches available from the vendor according to the references — Delta Electronics security bulletin available at the address indicated in the references (Delta-PCSA-2025-00016). Until the patch is deployed, it is recommended to restrict network access to the DIALink system only to trusted hosts and isolate the system behind a firewall.
Delta Electronics DIALink — versions indicated in the vendor references (bulletin Delta-PCSA-2025-00016)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HDeltaww Dialink
APPDeltaww< 1.8.0.0
Related vulnerabilities
Delta Industrial Automation DIALink versions 1.4.0.0 and prior are vulnerable to the use of a hard-coded crypt...
Delta Electronics DIALink has an Directory Traversal Authentication Bypass Vulnerability.
Delta Industrial Automation DIALink versions prior to v1.5.0.0 Beta 4 uses an external input to construct a pa...
Delta Electronics DIALink versions 1.2.4.0 and prior stores sensitive information in cleartext, which may allo...
Delta Electronics DIALink versions 1.2.4.0 and prior runs by default on HTTP, which may allow an attacker to b...