CVE-2017-7689

Name of the Vulnerable Software and Affected Versions Schneider Electric homeLYnk Controller versions prior to 1.5.0

Description The issue is related to a Command Injection vulnerability. It is associated with the failure to sanitize data at the management level, which could allow a remote attacker to execute commands with root privileges using specially crafted POST requests, such as "/api/v1/management" endpoint. The estimated number of potentially affected devices worldwide is not specified.

Recommendations For versions prior to 1.5.0, update to version 1.5.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the management interface to minimize the risk of exploitation. Avoid using the POST request method in the affected API endpoint until the issue is resolved.