module
Delta Electronics InfraSuite Device Master Deserialization
| Disclosed |
|---|
| May 17, 2023 |
Disclosed
May 17, 2023
Description
Delta Electronics InfraSuite Device Master versions below v1.0.5 have an
unauthenticated .NET deserialization vulnerability within the 'ParseUDPPacket()'
method of the 'Device-Gateway-Status' process.
The 'ParseUDPPacket()' method reads user-controlled packet data and eventually
calls 'BinaryFormatter.Deserialize()' on what it determines to be the packet header without appropriate validation,
leading to unauthenticated code execution as the user running the 'Device-Gateway-Status' process.
unauthenticated .NET deserialization vulnerability within the 'ParseUDPPacket()'
method of the 'Device-Gateway-Status' process.
The 'ParseUDPPacket()' method reads user-controlled packet data and eventually
calls 'BinaryFormatter.Deserialize()' on what it determines to be the packet header without appropriate validation,
leading to unauthenticated code execution as the user running the 'Device-Gateway-Status' process.
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.