CVE-2024-3871: Authenticated Remote Command Injection in Delta Electronics DVW

First published: Tue Apr 16 2024(Updated: )

The Delta Electronics DVW-W02W2-E2 devices expose a web administration interface to users. This interface implements multiple features that are affected by command injections and stack overflows vulnerabilities. Successful exploitation of these flaws would allow remote unauthenticated attackers to gain remote code execution with elevated privileges on the affected devices. This issue affects DVW-W02W2-E2 through version 2.5.2.

Credit: research@onekey.com

Remedy

Since DVW-W02W2 is no longer in production and maintenance, Delta decided not to patch these vulnerabilities. There is no solution.

Never miss a vulnerability like this again

Reference Links

https://onekey.com/

collector/mitre-cve
source/MITRE
agent/remedy
agent/weakness
agent/title
agent/references
agent/description
agent/type
agent/first-publish-date
collector/epss-latest
source/FIRST
agent/epss
collector/nvd-api
source/NVD
agent/severity
agent/author
agent/last-modified-date
agent/event
agent/tags

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.