Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-1142PUBLISHED: 2023-03-27In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use URL decoding to retrieve system files, credentials, and bypass authentication resulting in privilege escalation.
CVE-2023-1143PUBLISHED: 2023-03-27In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use Lua scripts, which could allow an attacker to remotely execute arbitrary code.
CVE-2023-1144PUBLISHED: 2023-03-27Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contains an improper access control vulnerability in which an attacker can use the Device-Gateway service and bypass authorization, which could result in privilege escalation.
CVE-2023-1145PUBLISHED: 2023-03-27Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a deserialization vulnerability targeting the Device-DataCollect service, which could allow deserialization of requests prior to authentication, resulting in remote code execution.
CVE-2023-1655PUBLISHED: 2023-03-27Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.4.0.
User Rank: Strategist
1/21/2015 | 1:16:31 PM
Do you think the current software is adequate to protect our phones or do you think its lack of using antispyware and virus software on phones that is causing the issue? While there will always be user error in responding to scams, if phones were preloaded with protective software we may evade some of these issues.