CVE-2023-26609

Name of the Vulnerable Software and Affected Versions ABUS TVIP 20000-21150 devices

Description The issue allows remote attackers to execute arbitrary code via shell metacharacters in the "/cgi-bin/mft/wireless mft" ap field. This enables attackers to potentially gain control over the device.

Recommendations For ABUS TVIP 20000-21150 devices, consider disabling access to the "/cgi-bin/mft/wireless mft" API endpoint until a patch is available. Restrict input to the ap field to prevent shell metacharacter injection. At the moment, there is no information about a newer version that contains a fix for this vulnerability.