CVE-2023-0432

CVE-2023-0432: CVE-2023-0432

Vendor Delta Electronics

Product DX-2100-L1-CN

Weakness CWE-79 · XSS

Published March 31, 2023

Last update January 17, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The web configuration service of the affected device contains an authenticated command injection vulnerability. It can be used to execute system commands on the operating system (OS) from the device in the context of the user "root." If the attacker has credentials for the web service, then the device could be fully compromised.

Key dates

02Disclosure timeline

March 31, 2023 CVE published

January 17, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-0432 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2024-1766 Download Manager <= 3.2.86 - Authenticated (Subscriber+) Stored Self-Based Cross-Site Scripting CVE-2024-6169 Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.112 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'username' CVE-2025-11801 AudioTube <= 0.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2023-43716 Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) CVE-2023-5707 SEO Slider <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode