CVE-2022-4616
https://notcve.org/view.php?id=CVE-2022-4616
The webserver in Delta DX-3021 versions prior to 1.24 is vulnerable to command injection through the network diagnosis page. This vulnerability could allow a remote unauthenticated user to add files, delete files, and change file permissions. El servidor web en las versiones Delta DX-3021 anteriores a la 1.24 es vulnerable a la inyección de comandos a través de la página de diagnóstico de red. Esta vulnerabilidad podría permitir que un usuario remoto no autenticado agregue archivos, elimine archivos y cambie los permisos de los archivos. • https://github.com/ahanel13/CVE-2022-4616-POC https://downloadcenter.deltaww.com/en-US/DownloadCenter?v=1&CID=06&itemID=060308&downloadID=DX&dataType=12&sort_expr=cdate&sort_dir=DESC https://www.cisa.gov/uscert/ics/advisories/icsa-22-354-05 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2022-2966 – Delta Electronics DOPSoft Out-of-bounds Read
https://notcve.org/view.php?id=CVE-2022-2966
Out-of-bounds Read vulnerability in Delta Electronics DOPSoft.This issue affects DOPSoft: All Versions. Vulnerabilidad de lectura fuera de los límites en Delta Electronics DOPSoft. Este problema afecta a DOPSoft: todas las versiones. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-244-01 • CWE-125: Out-of-bounds Read •
CVE-2022-42141
https://notcve.org/view.php?id=CVE-2022-42141
Delta Electronics DX-2100-L1-CN 2.42 is vulnerable to Cross Site Scripting (XSS) via lform/urlfilter. Delta Electronics DX-2100-L1-CN 2.42 es vulnerable a Cross Site Scripting (XSS) a través de lform/urlfilter. • https://cyberdanube.com/en/en-multiple-vulnerabilities-in-delta-electronics-dx-2100-l1-cn • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-42139
https://notcve.org/view.php?id=CVE-2022-42139
Delta Electronics DVW-W02W2-E2 1.5.0.10 is vulnerable to Command Injection via Crafted URL. Delta Electronics DVW-W02W2-E2 1.5.0.10 es vulnerable a la inyección de comandos a través de una URL manipulada. • https://cyberdanube.com/en/en-authenticated-command-injection-in-delta-electronics-dvw-w02w2-e2 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2022-42140
https://notcve.org/view.php?id=CVE-2022-42140
Delta Electronics DX-2100-L1-CN 2.42 is vulnerable to Command Injection via lform/net_diagnose. Delta Electronics DX-2100-L1-CN 2.42 es vulnerable a la inyección de comandos a través de lform/net_diagnose. • https://cyberdanube.com/en/en-multiple-vulnerabilities-in-delta-electronics-dx-2100-l1-cn • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •