PT-2021-7825 · Spacelynk+1 · Spacelynk+1
Published
2021-05-11
·
Updated
2021-06-04
·
CVE-2021-22733
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
homeLYnk (Wiser For KNX) versions prior to V2.60
spaceLYnk versions prior to V2.60
Description
The issue is related to improper privilege management, which could allow an attacker to gain unauthorized access to the system shell when unauthorized code is loaded into the system folder. This could potentially lead to exploitation, allowing the attacker to access the system.
Recommendations
For homeLYnk (Wiser For KNX) versions prior to V2.60, consider restricting access to the system folder to prevent unauthorized code from being loaded until a patch is available.
For spaceLYnk versions prior to V2.60, consider implementing additional security measures to prevent unauthorized access to the system shell until a fix is provided.
Fix
Improper Privilege Management
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Homelynk
Spacelynk