CVE-2024-3871

Authenticated Remote Command Injection in Delta Electronics DVW

CVSS 9.8 CRITICALEPSS 1.7%CWE-120 CWE-77

Vexday Risk Score

28Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 9.8EPSS 1.7%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

16 abr 2024Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

The Delta Electronics DVW-W02W2-E2 devices expose a web administration interface to users. This interface implements multiple features that are affected by command injections and stack overflows vulnerabilities. Successful exploitation of these flaws would allow remote unauthenticated attackers to gain remote code execution with elevated privileges on the affected devices. This issue affects DVW-W02W2-E2 through version 2.5.2.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Productos afectados

Deltra Electronics · DVW-W02W2-E2

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://onekey.com/