CVEs-PoC/2021/CVE-2021-32967.md

### [CVE-2021-32967](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32967)
![](https://img.shields.io/static/v1?label=Product&message=Delta%20Electronics%20DIAEnergie&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=DIAEnergie%20Version%201.7.5%20and%20prior%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=AUTHENTICATION%20BYPASS%20USING%20AN%20ALTERNATE%20PATH%20OR%20CHANNEL%20CWE-288&color=brightgreen)

### Description

Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to add a new administrative user without being authenticated or authorized, which may allow the attacker to log in and use the device with administrative privileges.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/n0-traces/cve_monitor