PT-2023-5847 · Unknown · Connected Io

Publicado

2023-08-04

Atualizado

2023-08-08

CVE-2023-33377

CVSS v2.0

Crítica

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Connected IO versions 2.1.0 and prior

Description The issue is related to the implementation of the communication protocol in the firmware of Connected IO routers, which is vulnerable to OS command injection. This allows a remote attacker to execute arbitrary OS commands on devices. The vulnerability is specifically found in the set firewall command part of the communication protocol.

Recommendations For Connected IO versions 2.1.0 and prior, update to a version that fixes the OS command injection vulnerability in the set firewall command. As a temporary workaround, consider restricting access to the set firewall command until a patch is available.

Correção

OS Command Injection

Special Elements Injection

Improper Neutralization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-78CWE-74CWE-707

Identificadores relacionados

BDU:2023-06534

CVE-2023-33377

Produtos afetados

Connected Io

PT-2023-5847 · Unknown · Connected Io

CVE-2023-33377

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8