Deltaww

Dialink

14 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.3

CVE-2025-58320

  • EPSS 0.05%
  • Veröffentlicht 11.09.2025 08:51:49
  • Zuletzt bearbeitet 26.09.2025 14:43:41

Delta Electronics DIALink has an Directory Traversal Authentication Bypass Vulnerability.

10

CVE-2025-58321

  • EPSS 0.11%
  • Veröffentlicht 11.09.2025 08:50:12
  • Zuletzt bearbeitet 26.09.2025 14:43:15

Delta Electronics DIALink has an Directory Traversal Authentication Bypass Vulnerability.

7.5

CVE-2022-2660

  • EPSS 0.23%
  • Veröffentlicht 13.12.2022 22:15:09
  • Zuletzt bearbeitet 21.11.2024 07:01:27

Delta Industrial Automation DIALink versions 1.4.0.0 and prior are vulnerable to the use of a hard-coded cryptographic key which could allow an attacker to decrypt sensitive data and compromise the machine.

7.5

CVE-2022-2969

  • EPSS 0.2%
  • Veröffentlicht 01.12.2022 18:15:10
  • Zuletzt bearbeitet 21.11.2024 07:02:00

Delta Industrial Automation DIALink versions prior to v1.5.0.0 Beta 4 uses an external input to construct a pathname intended to identify a file or directory located underneath a restricted parent directory. However, the software does not properly ne...

4.8

CVE-2021-38403

  • EPSS 0.29%
  • Veröffentlicht 03.11.2021 20:15:08
  • Zuletzt bearbeitet 21.11.2024 06:17:00

Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter supplier of the API maintenance, which may allow an attacker to remot...

4.8

CVE-2021-38407

  • EPSS 0.29%
  • Veröffentlicht 03.11.2021 20:15:08
  • Zuletzt bearbeitet 21.11.2024 06:17:01

Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter name of the API devices, which may allow an attacker to remotely exec...

4.8

CVE-2021-38411

  • EPSS 0.2%
  • Veröffentlicht 03.11.2021 20:15:08
  • Zuletzt bearbeitet 21.11.2024 06:17:01

Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter deviceName of the API modbusWriter-Reader, which may allow an attacke...

7.8

CVE-2021-38416

  • EPSS 0.05%
  • Veröffentlicht 03.11.2021 20:15:08
  • Zuletzt bearbeitet 21.11.2024 06:17:02

Delta Electronics DIALink versions 1.2.4.0 and prior insecurely loads libraries, which may allow an attacker to use DLL hijacking and takeover the system where the software is installed.

5.9

CVE-2021-38418

  • EPSS 0.07%
  • Veröffentlicht 03.11.2021 20:15:08
  • Zuletzt bearbeitet 21.11.2024 06:17:02

Delta Electronics DIALink versions 1.2.4.0 and prior runs by default on HTTP, which may allow an attacker to be positioned between the traffic and perform a machine-in-the-middle attack to access information without authorization.

7.8

CVE-2021-38420

  • EPSS 0.03%
  • Veröffentlicht 03.11.2021 20:15:08
  • Zuletzt bearbeitet 21.11.2024 06:17:03

Delta Electronics DIALink versions 1.2.4.0 and prior default permissions give extensive permissions to low-privileged user accounts, which may allow an attacker to modify the installation directory and upload malicious files.