Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ICSA-22-307-03 Delta Industrial Automation DIALink Path traversal
Vulnerability Description
Delta Industrial Automation DIALink versions prior to v1.5.0.0 Beta 4 uses an external input to construct a pathname intended to identify a file or directory located underneath a restricted parent directory. However, the software does not properly neutralize special elements within the pathname, which can cause the pathname to resolve to a location outside of the restricted directory.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Delta Electronics Industrial Automation DIALink 路径遍历漏洞
Vulnerability Description
Delta Electronics Industrial Automation DIALink是中国台湾台达电子(Delta Electronics)公司的一种工业自动化物联网设备。 Delta Electronics Industrial Automation DIALink存在路径遍历漏洞,该漏洞源于其使用外部输入构造一个路径名,用于标识位于受限制父目录下的文件或目录。然而,该软件不能正确地中和路径名中的特殊元素,这可能导致路径名解析到受限制目录之外的位置。
CVSS Information
N/A
Vulnerability Type
N/A