Dialink

dialink

Vendor: Deltaww • 14 CVEs

CVEs (14)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-58321 1Deltaww 1Dialink Sep 26, 2025 Sep 11, 2025 N/A· v4 10.0 CRITICAL· v3 N/A· v2 Delta Electronics DIALink has an Directory Traversal Authentication Bypass Vulnerability.
CVE-2025-58320 1Deltaww 1Dialink Sep 26, 2025 Sep 11, 2025 N/A· v4 7.3 HIGH· v3 N/A· v2 Delta Electronics DIALink has an Directory Traversal Authentication Bypass Vulnerability.
CVE-2022-2660 1Deltaww 1Dialink Nov 21, 2024 Dec 13, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 Delta Industrial Automation DIALink versions 1.4.0.0 and prior are vulnerable to the use of a hard-coded cryptographic key which could allow an attacker to decrypt sensitive data and compromise the machine.
CVE-2022-2969 1Deltaww 1Dialink Nov 21, 2024 Dec 1, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 Delta Industrial Automation DIALink versions prior to v1.5.0.0 Beta 4 uses an external input to construct a pathname intended to identify a file or directory located underneath a restricted parent directory. However, the...Show more Delta Industrial Automation DIALink versions prior to v1.5.0.0 Beta 4 uses an external input to construct a pathname intended to identify a file or directory located underneath a restricted parent directory. However, the software does not properly neutralize special elements within the pathname, which can cause the pathname to resolve to a location outside of the restricted directory.Show less
CVE-2021-38488 1Deltaww 1Dialink Nov 21, 2024 Nov 3, 2021 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter comment of the API events, which may al...Show more Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter comment of the API events, which may allow an attacker to remotely execute code.Show less
CVE-2021-38428 1Deltaww 1Dialink Nov 21, 2024 Nov 3, 2021 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter name of the API schedule, which may all...Show more Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter name of the API schedule, which may allow an attacker to remotely execute code.Show less
CVE-2021-38424 1Deltaww 1Dialink Nov 21, 2024 Nov 3, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 The tag interface of Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to an attacker injecting formulas into the tag data. Those formulas may then be executed when it is opened with a spreadsheet applic...Show more The tag interface of Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to an attacker injecting formulas into the tag data. Those formulas may then be executed when it is opened with a spreadsheet application.Show less
CVE-2021-38422 1Deltaww 1Dialink Nov 21, 2024 Nov 3, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Delta Electronics DIALink versions 1.2.4.0 and prior stores sensitive information in cleartext, which may allow an attacker to have extensive access to the application directory and escalate privileges.
CVE-2021-38420 1Deltaww 1Dialink Nov 21, 2024 Nov 3, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Delta Electronics DIALink versions 1.2.4.0 and prior default permissions give extensive permissions to low-privileged user accounts, which may allow an attacker to modify the installation directory and upload malicious f...Show more Delta Electronics DIALink versions 1.2.4.0 and prior default permissions give extensive permissions to low-privileged user accounts, which may allow an attacker to modify the installation directory and upload malicious files.Show less
CVE-2021-38418 1Deltaww 1Dialink Nov 21, 2024 Nov 3, 2021 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 Delta Electronics DIALink versions 1.2.4.0 and prior runs by default on HTTP, which may allow an attacker to be positioned between the traffic and perform a machine-in-the-middle attack to access information without auth...Show more Delta Electronics DIALink versions 1.2.4.0 and prior runs by default on HTTP, which may allow an attacker to be positioned between the traffic and perform a machine-in-the-middle attack to access information without authorization.Show less
CVE-2021-38416 1Deltaww 1Dialink Nov 21, 2024 Nov 3, 2021 N/A· v4 7.8 HIGH· v3 4.4 MEDIUM· v2 Delta Electronics DIALink versions 1.2.4.0 and prior insecurely loads libraries, which may allow an attacker to use DLL hijacking and takeover the system where the software is installed.
CVE-2021-38411 1Deltaww 1Dialink Nov 21, 2024 Nov 3, 2021 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter deviceName of the API modbusWriter-Read...Show more Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter deviceName of the API modbusWriter-Reader, which may allow an attacker to remotely execute code.Show less
CVE-2021-38407 1Deltaww 1Dialink Nov 21, 2024 Nov 3, 2021 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter name of the API devices, which may allo...Show more Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter name of the API devices, which may allow an attacker to remotely execute code.Show less
CVE-2021-38403 1Deltaww 1Dialink Nov 21, 2024 Nov 3, 2021 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter supplier of the API maintenance, which...Show more Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter supplier of the API maintenance, which may allow an attacker to remotely execute code.Show less