CVE-2023-34347 CRITICAL

CVE-2023-34347: Delta Electronics InfraSuite Device Master Deserialization of Untrusted Data

Vendor Delta Electronics

Product Infrasuite Device Master

Weakness CWE-502 · Unsafe deserialization

Published July 10, 2023

Last update November 8, 2024

View on NVD All CVEs

CVSS base score

9.8/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Delta Electronics InfraSuite Device Master versions prior to 1.0.7 contains classes that cannot be deserialized, which could allow an attack to remotely execute arbitrary code.

Key dates

02Disclosure timeline

July 10, 2023 CVE published

November 8, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-34347 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/502.html

Related vulnerabilities

04Related CVE

CVE-2025-15350 Anritsu VectorStar CHX File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability CVE-2025-47584 WordPress Photography theme <= 7.5.2 - PHP Object Injection vulnerability CVE-2026-27971 Qwik affected by unauthenticated RCE via server$ Deserialization CVE-2025-60091 WordPress WP Gravity Forms Zoho CRM and Bigin plugin <= 1.2.9 - Deserialization of untrusted data vulnerability CVE-2020-6959

CVE-2023-34347: ​Delta Electronics InfraSuite Device Master Deserialization of Untrusted Data

01Description

02Disclosure timeline

03References

04Related CVE

CVE-2023-34347: Delta Electronics InfraSuite Device Master Deserialization of Untrusted Data