Delta Electronics InfraSuite Device Master Deserialization

Posted on 08 June 2023

Delta Electronics InfraSuite Device Master versions below 1.0.5 have an unauthenticated .NET deserialization vulnerability within the ParseUDPPacket() method of the Device-Gateway-Status process. The ParseUDPPacket() method reads user-controlled packet data and eventually calls BinaryFormatter.Deserialize() on what it determines to be the packet header without appropriate validation, leading to unauthenticated code execution as the user running the Device-Gateway-Status process.

TOP

Malware :

None in database

Last 20

Exploits :

Relate Learning And Teaching System SSTI / Remote Code Execution
Flowise 1.6.5 Authentication Bypass
WordPress Background Image Cropper 1.2 Shell Upload
FlatPress 1.3 Shell Upload
Laravel Framework 11 Credential Disclosure

Last 20