CVE-2021-38418: Delta Electronics DIALink
First published: Wed Nov 03 2021(Updated: )
Delta Electronics DIALink versions 1.2.4.0 and prior runs by default on HTTP, which may allow an attacker to be positioned between the traffic and perform a machine-in-the-middle attack to access information without authorization.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Deltaww Dialink | <=1.2.4.0 | |
| Delta Electronics DIALink | <=1.2.4.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of the Delta Electronics DIALink vulnerability?
The vulnerability ID of the Delta Electronics DIALink vulnerability is CVE-2021-38418.
What is the severity of CVE-2021-38418?
The severity of CVE-2021-38418 is high, with a severity value of 5.9.
What is the affected software for CVE-2021-38418?
The affected software for CVE-2021-38418 is Delta Electronics DIALink versions 1.2.4.0 and prior.
What is the default protocol used by Delta Electronics DIALink?
The default protocol used by Delta Electronics DIALink is HTTP.
What can an attacker do with CVE-2021-38418?
An attacker with CVE-2021-38418 can position themselves between the traffic and perform a man-in-the-middle attack to access unauthorized information.
- collector/nvd-index
- agent/type
- agent/weakness
- agent/references
- agent/author
- agent/description
- collector/ics-cert-advisory
- source/ICS
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/title
- agent/tags
- agent/first-publish-date
- agent/event
- vendor/deltaww
- canonical/deltaww dialink
- version/deltaww dialink/1.2.4.0
- vendor/delta electronics
- canonical/delta electronics dialink
- version/delta electronics dialink/1.2.4.0