CVE-2021-38424 MEDIUM

CVE-2021-38424: Delta Electronics DIALink

Vendor Delta Electronics
Product DIALink
Weakness CWE-1236
Published November 3, 2021
Last update September 16, 2024

CVSS base score

5.9/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

What the vulnerability does

01Description

The tag interface of Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to an attacker injecting formulas into the tag data. Those formulas may then be executed when it is opened with a spreadsheet application.

Key dates

02Disclosure timeline

November 3, 2021 CVE published
September 16, 2024 Record updated