cbcvebase.
CVE-2023-39226
published 2023-11-30

CVE-2023-39226: In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an unauthenticated attacker to execute arbitrary code through a…

PriorityP265critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
1.18%
63.6th percentile
In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an unauthenticated attacker to execute arbitrary code through a single UDP packet.

Affected

2 ranges
VendorProductVersion rangeFixed in
delta_electronicsinfrasuite_device_master<= 1.0.7
deltawwinfrasuite_device_master

Detection & IOCsextracted from sources · hover to see the quote

  • CVE-2023-39226 is exploitable via a single UDP packet sent to Delta Electronics InfraSuite Device Master; monitor for unexpected UDP traffic targeting the service port of InfraSuite Device Master as a potential exploitation attempt.
  • No authentication is required to trigger the vulnerability (CWE-749: Exposed Dangerous Method or Function); any unauthenticated UDP connection to the InfraSuite Device Master service should be treated as suspicious and alerted on.
  • Affected product version is InfraSuite Device Master 1.0.7 and prior; presence of these versions on the network indicates an unpatched, exploitable target.
  • ·The vulnerability class is CWE-749 (Exposed Dangerous Method or Function) delivered over UDP with no authentication required; exploitation requires only network reachability to the service — no credentials, no prior session.
  • ·No known public exploitation or proof-of-concept has been reported to CISA at the time of advisory publication, limiting available concrete IOCs (hashes, IPs, domains).
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.