PT-2022-3620 · Unknown · SpaceLogic C-Bus Home Controller

Published 2022-07-12 · Updated 2022-07-27 · CVE-2022-34753

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

SpaceLogic C-Bus Home Controller (5200WHC2) versions V1.31.460 and prior

Description

The issue exists because special elements used in an OS command are not neutralized, which could allow a remote attacker to execute arbitrary commands. This is an instance of OS Command Injection, and it may lead to a remote root exploit when the command is compromised.

Recommendations

For versions V1.31.460 and prior, consider disabling any functionality that uses OS commands until a patch is available, to prevent potential exploitation. Restrict access to the affected controller to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

OS Command Injection

Weakness Enumeration

Related Identifiers

BDU:2022-04405
CVE-2022-34753

Affected Products

SpaceLogic C-Bus Home Controller