CVE-2023-0432
CVE-2023-0432
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9EPSS 1.1%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
31 Mar 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The web configuration service of the affected device contains an authenticated command injection vulnerability. It can be used to execute system commands on the operating system (OS) from the device in the context of the user "root." If the attacker has credentials for the web service, then the device could be fully compromised.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Affected products
Delta Electronics · DX-2100-L1-CNWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →