Alice Rose

**Name of the Vulnerable Software and Affected Versions** HOME SPOT CUBE2 version V102 **Description** The issue is related to an OS command injection vulnerability due to improper processing of data received from a DHCP server. This could allow an adjacent attacker to execute arbitrary OS commands on the product if a malicious DHCP server is placed on the WAN side. The vulnerability is associated with the failure to neutralize special elements used in an OS command. **Recommendations** For HOME SPOT CUBE2 version V102, consider restricting access to the WAN side to minimize the risk of exploitation by a malicious DHCP server. As a temporary workaround, until a patch is available, limit the product's exposure to potentially malicious DHCP servers. At the moment, there is no information about a newer version that contains a fix for this vulnerability.