Vulnerabilities > CVE-2021-38407 - Unspecified vulnerability in Deltaww Dialink 1.2.4.0

CVSS 4.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

deltaww

NVD

Published: 2021-11-03

Updated: 2024-11-21

Summary

Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter name of the API devices, which may allow an attacker to remotely execute code.

Vulnerable Configurations

Part	Description	Count
Application	Deltaww Deltaww Dialink 1.2.4.0	1

References

https://us-cert.cisa.gov/ics/advisories/icsa-21-294-02
https://us-cert.cisa.gov/ics/advisories/icsa-21-294-02