CVE-2024-3871

Authenticated Remote Command Injection in Delta Electronics DVW

CVSS 9.8 CRITICALEPSS 1.7%CWE-120 CWE-77

Vexday Risk Score

28Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 9.8EPSS 1.7%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

16 abr 2024Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

The Delta Electronics DVW-W02W2-E2 devices expose a web administration interface to users. This interface implements multiple features that are affected by command injections and stack overflows vulnerabilities. Successful exploitation of these flaws would allow remote unauthenticated attackers to gain remote code execution with elevated privileges on the affected devices. This issue affects DVW-W02W2-E2 through version 2.5.2.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Produtos afetados

Deltra Electronics · DVW-W02W2-E2

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://onekey.com/