CVE-2021-23862

Name of the Vulnerable Software and Affected Versions: BVMS with VRM installed versions (affected versions not specified) DIVAR IP versions (affected versions not specified) VIDEOJET decoder versions (affected versions not specified) VRM versions (affected versions not specified)

Description: A crafted configuration packet sent by an authenticated administrative user can be used to execute arbitrary commands in system context. This issue affects installations of various products, including the VRM, DIVAR IP, BVMS with VRM installed, and the VIDEOJET decoder.

Recommendations: For BVMS with VRM installed, consider disabling the functionality that allows configuration packets to be sent by authenticated administrative users until a patch is available. For DIVAR IP, restrict access to the system context to minimize the risk of exploitation. For VIDEOJET decoder, avoid using the device until the issue is resolved. For VRM, consider implementing additional security measures to prevent arbitrary command execution in system context. At the moment, there is no information about a newer version that contains a fix for this vulnerability.