cbcvebase.
CVE-2024-3871
published 2024-04-16

Priority: P272
Severity: critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.70% (74.3th percentile)

The Delta Electronics DVW-W02W2-E2 devices expose a web administration interface to users. This interface implements multiple features that are affected by command injection and stack overflow vulnerabilities. Successful exploitation of these flaws would allow remote unauthenticated attackers to gain remote code execution with elevated privileges on the affected devices. This issue affects DVW-W02W2-E2 through version 2.5.2.

Affected (1 range)

Vendor | Product | Version range | Fixed in
deltra_electronics | dvw-w02w2-e2 | <= 2.5.2 |

Detection & IOCs (extracted from sources)

port: UDP/2601
process: UPSMONProSer.exe
  • Monitor for crashes of the UPSMONProSer.exe service process, which may indicate active exploitation attempts of the stack-based buffer overflow via UDP port 2601.
  • Detect and alert on oversized UDP packets destined for port 2601, which is the attack vector for triggering the stack buffer overflow.
  • Any UDP traffic to port 2601 on hosts running Appleton UPSMON-PRO (versions 2.6 and prior) from untrusted network segments should be treated as suspicious.
  • The vulnerable service (UPSMONProService) listens on UDP port 2601 by default. This port must be blocked at the firewall for all UPSMON-PRO installations to prevent remote exploitation.
  • Appleton UPSMON-PRO is End of Life and unsupported by Emerson; no patch is available. Mitigation relies entirely on network controls or product replacement.
  • Successful exploitation grants SYSTEM-level privileges to the attacker, making network isolation of UPS monitoring networks from corporate networks a critical compensating control.