PT-2023-5846 · Unknown · Connected Io

Publicado

2023-08-04

Atualizado

2023-08-08

CVE-2023-33378

CVSS v2.0

Crítica

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Connected IO versions 2.1.0 and prior

Description The issue is related to an argument injection vulnerability in the AT command message of the communication protocol, allowing attackers to execute arbitrary OS commands on devices. This vulnerability can be exploited remotely, enabling an attacker to inject arguments into the command message and potentially execute arbitrary code.

Recommendations For Connected IO versions 2.1.0 and prior, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

OS Command Injection

Argument Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-78CWE-88

Identificadores relacionados

BDU:2023-06533

CVE-2023-33378

Produtos afetados

Connected Io

PT-2023-5846 · Unknown · Connected Io

CVE-2023-33378

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8