Delta Electronics InfraSuite Device Master versions prior to 1.0.7 contain improper access controls that could allow an attacker to alter privilege management configurations, resulting in privilege escalation.
Credits
Piotr Bazydlo of Trend Micro’s Zero Day Initiative reported these vulnerabilities to CISA.
