CVE-2023-30765

HIGH

InfraSuite Device Master < 1.0.7 - Privilege Escalation via Improper Access Controls

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-30765. PoCs published by 0xfml.

AI-analyzed exploit summary This is a functional privilege escalation exploit for Delta Electronics Infrasuite Device Master. It leverages an authentication bypass to escalate a user to the Administrator group by manipulating user group assignments via crafted HTTP requests.

Description

Delta Electronics InfraSuite Device Master versions prior to 1.0.7 contain improper access controls that could allow an attacker to alter privilege management configurations, resulting in privilege escalation.

Exploits (1)

nomisec WORKING POC

by 0xfml · poc

https://github.com/0xfml/CVE-2023-30765

View Code ZIP pw:eip

This is a functional privilege escalation exploit for Delta Electronics Infrasuite Device Master. It leverages an authentication bypass to escalate a user to the Administrator group by manipulating user group assignments via crafted HTTP requests.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Moderate

Reliability

Reliable

Target: Delta Electronics Infrasuite Device Master

Auth required

Prerequisites: Valid user credentials (or brute-forcing default credentials) · Network access to the target system

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Mitigation, Patch, Third Party Advisory, US Government Resource

https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-01

Scores

CVSS v3 8.8

EPSS 0.0208

EPSS Percentile 79.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-269

Status published

Products (1)

deltaww/infrasuite_device_master < 1.0.7

Published Jul 10, 2023

Tracked Since Feb 18, 2026