CVE-2021-38420

7.8 HIGH

📋 TL;DR

Delta Electronics DIALink versions 1.2.4.0 and earlier ship with insecure default file permissions that give low-privileged user accounts write access to the installation directory. Any local user can therefore modify or add files there, including executable code that DIALink will load, turning a low-privileged foothold into control of the host. Every installation at an affected version that kept the installer's default permissions is vulnerable.

💻 Affected Systems

Products:
  • Delta Electronics DIALink
Versions: 1.2.4.0 and prior
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in default installation configurations with standard user permissions.

📦 What is this software?

DIALink is Delta Electronics' Industrial IoT (IIoT) platform, a Windows application that collects data from industrial equipment and relays it to plant and enterprise systems, so a DIALink host typically sits on or adjacent to the control network.
⚠️ Risk & Real-World Impact

🔴

Worst Case

A low-privileged local user (or malware running as one) replaces a DIALink binary or DLL, or drops a new one, in the installation directory; when DIALink next runs under a privileged account or as a service, the planted code executes with those rights, giving the attacker full control of the host and a platform to disrupt or manipulate the industrial equipment DIALink talks to.

🟠

Likely Case

An attacker with a low-privileged foothold on the host adds or alters files under the DIALink installation directory to run code with DIALink's privileges, establish persistence that survives reboots, collect data, or pivot to other systems on the plant network.

🟢

If Mitigated

With write access to the installation directory restricted to administrators and file-integrity monitoring in place, an attempted modification either fails or is detected before the planted code runs.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation needs an existing low-privileged local account, or code already running as such a user; from there, planting or replacing a file in the installation directory is an ordinary file copy with no exploit technique involved, so the bug is practical for commodity malware or an insider.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.2.4.1 or later

Vendor Advisory: https://www.deltaww.com/en-US/Support/Downloads/Detail?code=DIALink

Restart Required: Yes

Instructions:

1. Download DIALink version 1.2.4.1 or later from the Delta Electronics website.
2. Back up the current configuration.
3. Run the installer with administrative privileges.
4. Restart the system after installation completes.

🔧 Temporary Workarounds

Restrict File Permissions

windows

Remove the write access the installer grants to non-administrators on the DIALink installation directory. The command below adds a deny entry for the built-in Users group that is inherited by existing and future files and subfolders. Two caveats: a deny entry overrides allow entries and applies to every account that is a member of Users, which on most hosts includes administrator accounts, so future installs or updates will have to lift it again; and if DIALink itself runs under a non-administrative account that writes logs or configuration into this directory, the deny will break it. Test on one host first, and where possible prefer removing the offending allow entry (icacls /remove:g, or the ACL editor) over adding a deny.

icacls "C:\Program Files\Delta Electronics\DIALink" /deny Users:(OI)(CI)W

Implement Least Privilege

all

Remove unnecessary user accounts and restrict remaining accounts to minimal required permissions.

🧯 If You Can't Patch

  • Isolate DIALink systems on segmented network with strict firewall rules
  • Implement file integrity monitoring on DIALink installation directory

🔍 How to Verify

Check if Vulnerable:

DIALink 1.2.4.0 or earlier is affected. Confirm the version as described below, then inspect the ACL of the installation directory (right-click > Properties > Security, or icacls) for entries that grant Users, Everyone or Authenticated Users write, modify or full control; that grant is the condition this CVE describes.

Check Version:

Check Help > About in the DIALink application, the installed-programs list (Settings > Apps, or Control Panel > Programs and Features), or the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Delta Electronics\DIALink.

Verify Fix Applied:

Confirm the DIALink version is 1.2.4.1 or later, then check the installation directory's ACL rather than trusting the version number alone: no entry should grant write, modify or full control to Users, Everyone or Authenticated Users, and the same should hold for the files and subfolders underneath, since a single writable DLL or configuration file is enough.
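The following PowerShell script is an added example, not code from Delta Electronics or from the original page. It automates the two checks in this section (installed version, and write-capable ACL entries for low-privileged principals under the installation directory) and, with Remove-WeakDIALinkAces, carries out the "Restrict File Permissions" workaround by stripping the offending explicit allow entries instead of adding a deny. It assumes the default install path and the fixed version quoted on this page; adjust the parameters if your deployment differs.

```powershell
# Added example, not code from Delta Electronics or the original page.
# Audits one DIALink host for the CVE-2021-38420 condition: an Allow ACE that
# gives a low-privileged principal write rights anywhere under the install
# directory. Also reports the installed version from the Windows
# installed-programs registry. Remove-WeakDIALinkAces strips the explicit
# offending ACEs, leaving administrator and SYSTEM grants intact.
# Assumptions: the default install path and the fixed version this page names.
param(
    [string]$InstallDir    = 'C:\Program Files\Delta Electronics\DIALink',
    [version]$FixedVersion = '1.2.4.1'
)

# Principals every local or interactive user belongs to; a write-capable
# allow ACE for any of these is what makes the default install exploitable.
$LowPrivPrincipals = @('BUILTIN\Users', 'Everyone',
                       'NT AUTHORITY\Authenticated Users', 'NT AUTHORITY\INTERACTIVE')

# Rights that let a user plant, replace or delete files, or rewrite the ACL.
# 0x40000000 / 0x10000000 are GENERIC_WRITE / GENERIC_ALL for ACEs stored in
# generic form.
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$WriteMask = $WriteMask -bor 0x40000000 -bor 0x10000000

function Test-WeakAce {
    param([System.Security.AccessControl.FileSystemAccessRule]$Ace)
    $Ace.AccessControlType -eq 'Allow' -and
    $LowPrivPrincipals -contains $Ace.IdentityReference.Value -and
    (([int]$Ace.FileSystemRights -band $WriteMask) -ne 0)
}

function Get-DIALinkInstalledVersion {
    # Installed-programs list, 64-bit and 32-bit views.
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*DIALink*' } |
        ForEach-Object { $_.DisplayVersion -as [version] } |
        Where-Object { $_ } | Select-Object -First 1
}

function Get-WeakDIALinkAces {
    param([string]$Path = $InstallDir)
    if (-not (Test-Path -LiteralPath $Path)) { Write-Warning "Not found: $Path"; return }
    # Check the root and everything below it: write access to one DLL or
    # config file is enough for an attacker.
    $items = @(Get-Item -LiteralPath $Path) +
             @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue)
    foreach ($item in $items) {
        $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction SilentlyContinue
        if (-not $acl) { continue }
        foreach ($ace in $acl.Access) {
            if (Test-WeakAce $ace) {
                [pscustomobject]@{ Path = $item.FullName; Identity = $ace.IdentityReference.Value
                                   Rights = $ace.FileSystemRights; Inherited = $ace.IsInherited }
            }
        }
    }
}

function Remove-WeakDIALinkAces {
    # Removes explicit weak ACEs. Inherited ones are only reported: fix them
    # on the parent folder (or break inheritance) rather than here.
    param([string]$Path = $InstallDir, [switch]$WhatIf)
    foreach ($grp in (Get-WeakDIALinkAces -Path $Path | Group-Object Path)) {
        $acl = Get-Acl -LiteralPath $grp.Name
        $changed = $false
        foreach ($ace in @($acl.Access | Where-Object { Test-WeakAce $_ })) {
            if ($ace.IsInherited) { Write-Warning "Inherited from parent: $($grp.Name) $($ace.IdentityReference)"; continue }
            "Removing $($ace.IdentityReference) [$($ace.FileSystemRights)] on $($grp.Name)"
            if ($WhatIf) { continue }
            $acl.RemoveAccessRuleSpecific($ace)
            $changed = $true
        }
        if ($changed) { Set-Acl -LiteralPath $grp.Name -AclObject $acl }
    }
}

$ver = Get-DIALinkInstalledVersion
if ($ver) { "DIALink $ver is " + $(if ($ver -lt $FixedVersion) { "AFFECTED (fix: $FixedVersion or later)" } else { 'at or above the fixed version' }) }
else      { 'DIALink not in the installed-programs registry; check Help > About by hand' }

$weak = @(Get-WeakDIALinkAces)
if ($weak.Count) { "$($weak.Count) write-capable ACE(s) for low-privileged principals under $InstallDir"; $weak | Format-Table -AutoSize }
else             { "No low-privileged write access under $InstallDir" }
```

Run it from an elevated shell on each DIALink host; the audit half is read-only. Dot-source the script and call `Remove-WeakDIALinkAces -WhatIf` first to see what would change, then without the switch to apply it, and afterwards confirm DIALink still starts, because a product that runs under a non-administrative account and writes into its own directory will lose that ability along with the attacker.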

📡 Detection & Monitoring

Log Indicators:

  • Unexpected file modifications in DIALink directory
  • Unauthorized user account activity
  • Failed permission change attempts

Network Indicators:

  • Unusual outbound connections from DIALink host
  • Suspicious file transfers to/from DIALink system

SIEM Query:

EventID=4663 AND ObjectName LIKE '%DIALink%' AND Accesses LIKE '%WRITE%'
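The PowerShell below is an added example, not code from Delta Electronics or from the original page. It covers what the query above leaves implicit: event 4663 is only written when the "File System" audit subcategory is enabled and the directory carries a SACL naming the access to audit, so on a default host the query matches nothing. The first function sets both up for the DIALink directory; the other two filter 4663 events on the AccessMask bits (which, unlike the localized "Accesses" text, are the same on every language pack) and on the object path. It assumes the default install path quoted on this page; the 4663 event at the end is constructed for the demonstration, not captured from a real host.

```powershell
# Added example, not code from Delta Electronics or the original page.
# Part 1 enables 4663 generation for the DIALink directory; part 2 parses and
# filters 4663 events for write-type access to DIALink paths.
# Assumptions: the default install path this page names; the sample event at
# the end is constructed for the demo, not captured from a real host.
$DIALinkDir = 'C:\Program Files\Delta Electronics\DIALink'

# ACCESS_MASK bits that change something: WriteData/AddFile (0x2),
# AppendData/AddSubdirectory (0x4), DELETE (0x10000), WRITE_DAC (0x40000),
# WRITE_OWNER (0x80000).
$WriteMaskBits = 0x2 -bor 0x4 -bor 0x10000 -bor 0x40000 -bor 0x80000

function Enable-DIALinkWriteAudit {
    # Part 1: needs an elevated shell (SeSecurityPrivilege for the SACL).
    param([string]$Path = $DIALinkDir)
    # The subcategory must be on or SACL entries are silently ignored.
    auditpol /set /subcategory:"File System" /success:enable /failure:enable | Out-Null
    $acl  = Get-Acl -LiteralPath $Path -Audit
    $rule = [System.Security.AccessControl.FileSystemAuditRule]::new(
        'Everyone',
        [System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership',
        [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AuditFlags]'Success, Failure')
    $acl.AddAuditRule($rule)
    Set-Acl -LiteralPath $Path -AclObject $acl
}

function ConvertFrom-Event4663 {
    # Part 2a: flatten one 4663 event's XML; emits nothing unless it is a
    # write-type access to a path matching $PathFilter.
    param([Parameter(Mandatory)][string]$EventXml, [string]$PathFilter = '*DIALink*')
    $x = [xml]$EventXml
    $d = @{}
    foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
    $mask = [int]$d['AccessMask']                       # "0x2" -> 2
    if (($mask -band $WriteMaskBits) -eq 0) { return }
    if ($d['ObjectName'] -notlike $PathFilter) { return }
    [pscustomobject]@{
        Time    = [datetime]$x.Event.System.TimeCreated.SystemTime
        User    = '{0}\{1}' -f $d['SubjectDomainName'], $d['SubjectUserName']
        Process = $d['ProcessName']
        Object  = $d['ObjectName']
        Mask    = '0x{0:X}' -f $mask
    }
}

function Get-DIALinkWriteEvents {
    # Part 2b: pull the last $Hours of 4663 events from the live Security log.
    param([int]$Hours = 24, [string]$PathFilter = '*DIALink*')
    $filter = @{ LogName = 'Security'; Id = 4663; StartTime = (Get-Date).AddHours(-$Hours) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object { ConvertFrom-Event4663 -EventXml $_.ToXml() -PathFilter $PathFilter }
}

# Constructed sample (not a real capture): a standard user dropping a DLL into
# the install directory from cmd.exe, the CVE-2021-38420 pattern.
$Sample4663 = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <EventID>4663</EventID>
    <TimeCreated SystemTime="2021-09-10T08:15:30.123456700Z"/>
  </System>
  <EventData>
    <Data Name="SubjectUserName">operator</Data>
    <Data Name="SubjectDomainName">PLANT-HMI</Data>
    <Data Name="ObjectName">C:\Program Files\Delta Electronics\DIALink\evil.dll</Data>
    <Data Name="AccessList">%%4417</Data>
    <Data Name="AccessMask">0x2</Data>
    <Data Name="ProcessName">C:\Windows\System32\cmd.exe</Data>
  </EventData>
</Event>
'@
ConvertFrom-Event4663 -EventXml $Sample4663 | Format-List
```

Call Enable-DIALinkWriteAudit once per host, then schedule Get-DIALinkWriteEvents or forward the Security log to the SIEM and apply the same AccessMask test there. Expect a baseline of events from DIALink's own process and from installers run by administrators; whitelist those by ProcessName and SubjectUserName after observing a normal day, and treat anything else writing under the directory, particularly from a shell, script host or browser, as the indicator this page describes.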
