CVE-2022-4616
published 2023-01-13


Priority P263 · critical · 9.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
EPSS: 4.76% (90.8th percentile)

The webserver in Delta DX-3021 versions prior to 1.24 is vulnerable to command injection through the network diagnosis page. This vulnerability could allow a remote unauthenticated user to add files, delete files, and change file permissions.

Affected

4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| delta_industrial_automation | 4g_router_dx-3021 | < 1.24 | 1.24 |
| deltaww | dx-3021l9_firmware | < 1.24 | 1.24 |
| linux | linux_kernel | >= 5.19.0 < 6.0.16 | 6.0.16 |
| linux | linux_kernel | >= 6.1.0 < 6.1.2 | 6.1.2 |

Detection & IOCs (extracted from sources)

  • Vulnerable attack surface is the network diagnosis page of the DX-3021 webserver; monitor for unexpected HTTP requests targeting this page, especially those containing shell metacharacters or command sequences
  • The vulnerability is exploitable by a remote unauthenticated user, so no session/auth token is required; alert on command-injection payloads (e.g., semicolons, pipes, backticks, $() constructs) in requests to the network diagnosis endpoint from unauthenticated sessions
  • Affected product is Delta DX-3021L9 running firmware versions prior to V1.24; fingerprint devices on the network and flag any running pre-1.24 firmware as high-risk
  • CVSS v3 base score is 7.2 with vector AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H — note the PR:H (High Privileges Required) in the vector string contrasts with the advisory prose stating 'remote unauthenticated user'; analysts should verify actual authentication requirements during exploitation
  • No known public exploits exist for this vulnerability as of the advisory date; threat hunting should be prioritized over reactive alerting until a PoC is published

CVSS provenance

  • nvd · v3.1 · 9.1 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
  • vendor_redhat · 2.3 LOW