CVE-2023-1137
Published 2023-03-27
CVE-2023-1137: Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which a low-level user could extract files and plaintext…
Priority P352 · high · 8.8 · CVSS 3.1
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.55% (41.8th percentile)
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which a low-level user could extract files and plaintext credentials of administrator users, resulting in privilege escalation.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| delta_electronics | infrasuite_device_master | < 1.0.5 | 1.0.5 |
| deltaww | infrasuite_device_master | < 1.0.5 | 1.0.5 |
| linux | linux_kernel | >= 2.6.16 < 4.14.323 | 4.14.323 |
| linux | linux_kernel | >= 4.15.0 < 4.19.292 | 4.19.292 |
| linux | linux_kernel | >= 4.20.0 < 5.4.254 | 5.4.254 |
| linux | linux_kernel | >= 5.11.0 < 5.15.127 | 5.15.127 |
| linux | linux_kernel | >= 5.16.0 < 6.1.46 | 6.1.46 |
| linux | linux_kernel | >= 5.5.0 < 5.10.191 | 5.10.191 |
| linux | linux_kernel | >= 6.2.0 < 6.4.11 | 6.4.11 |
CVSS provenance
nvd · v3.1 · 8.8 HIGH · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vendor_redhat · 5.5 LOW
CISA ICS
Delta Electronics InfraSuite Device Master
cisa_ics·2023-03-21·CVSS 9.8
[CRITICAL] Delta Electronics InfraSuite Device Master
ICS Advisory
## Delta Electronics InfraSuite Device Master
Release Date: March 21, 2023
Alert Code: ICSA-23-080-02
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Delta Electronics
- Equipment: InfraSuite Device Master
- Vulnerabilities: Deserialization of Untrusted Data, Improper Access Control, Exposed Dangerous Method or Function, Path Traversal, Improper Authentication, Command Injection, Incorrect Permission Assignment for Critical Resource, Missing Authentication for Critical Function
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an unauthenticated attacker to obtain access to files and credentials, escalate privileges, and remotely execute arbitrary code.
## 3.
OSV
usb-storage: alauda: Fix uninit-value in alauda_check_media()
osv·2025-12-09
CVE-2023-53847 usb-storage: alauda: Fix uninit-value in alauda_check_media()
In the Linux kernel, the following vulnerability has been resolved:
usb-storage: alauda: Fix uninit-value in alauda_check_media()
Syzbot got KMSAN to complain about access to an uninitialized value in
the alauda subdriver of usb-storage:
```
BUG: KMSAN: uninit-value in alauda_transport+0x462/0x57f0
drivers/usb/storage/alauda.c:1137
CPU: 0 PID: 12279 Comm: usb-storage Not tainted 5.3.0-rc7+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x191/0x1f0 lib/dump_stack.c:113
kmsan_report+0x13a/0x2b0 mm/kmsan/kmsan_report.c:108
__msan_warning+0x73/0xe0 mm/kmsan/kmsan_instr.c:250
alauda_check_media+0x344/0x3310 drivers/usb/stora
```
GHSA
GHSA-736q-532x-pgfj: Delta Electronics InfraSuite Device Master versions prior to 1
ghsa_unreviewed·2023-03-27
CVE-2023-1137 [HIGH] CWE-522 GHSA-736q-532x-pgfj: Delta Electronics InfraSuite Device Master versions prior to 1
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which a low-level user could extract files and plaintext credentials of administrator users, resulting in privilege escalation.
No detection rules found.
No public exploits indexed.
Published: 2023-03-27