Delta Electronics DIALink versions 1.2.4.0 and prior stores sensitive information in cleartext, which may allow an attacker to have extensive access to the application directory and escalate privileges.
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HDeltaww Dialink
APPDeltaww≤ 1.2.4.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
LPE
CWE
Related vulnerabilities
CVE-2025-58321CRITICAL10.0PL ✓ten sam produkt
Delta Electronics DIALink — path traversal umożliwiający ominięcie uwierzytelnienia
CVE-2022-2660CRITICAL9.8ten sam produkt
Delta Industrial Automation DIALink versions 1.4.0.0 and prior are vulnerable to the use of a hard-coded crypt...
CVE-2025-58320HIGH7.3ten sam produkt
Delta Electronics DIALink has an Directory Traversal Authentication Bypass Vulnerability.
CVE-2022-2969HIGH8.1ten sam produkt
Delta Industrial Automation DIALink versions prior to v1.5.0.0 Beta 4 uses an external input to construct a pa...
CVE-2021-38418HIGH8.8ten sam produkt
Delta Electronics DIALink versions 1.2.4.0 and prior runs by default on HTTP, which may allow an attacker to b...