cbcvebase.
CVE-2023-47207
published 2023-11-30

Priority: P275 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 16.57% (96.6th percentile)

In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an unauthenticated attacker to execute code with local administrator privileges.

Affected (2 ranges)

Vendor | Product | Version range | Fixed in
delta_electronics | infrasuite_device_master | <= 1.0.7 |
deltaww | infrasuite_device_master | |

Detection & IOCs

  • CVE-2023-47207 is a deserialization of untrusted data vulnerability (CWE-502) in Delta Electronics InfraSuite Device Master v1.0.7 and prior, allowing unauthenticated remote code execution with local administrator privileges — monitor for unexpected deserialization activity from unauthenticated network sources targeting this product.
  • CVE-2023-39226 (related, same product/version) allows unauthenticated RCE via a single UDP packet — monitor for anomalous UDP traffic to InfraSuite Device Master hosts, which may indicate exploitation attempts against the broader attack surface including CVE-2023-47207.
  • CVE-2023-47279 (related, same product/version) allows unauthenticated disclosure of user information, plaintext credentials, or NTLM relaying via a single UDP packet — monitor for UDP-based credential harvesting or NTLM relay attempts from InfraSuite Device Master hosts.
  • No known public exploitation specifically targeting CVE-2023-47207 had been reported to CISA at the time of advisory publication (November 28, 2023).
  • Affected versions are InfraSuite Device Master 1.0.7 and prior; the vendor-recommended fix is to update to v1.0.10 or later.