CVE-2022-33948

Name of the Vulnerable Software and Affected Versions HOME SPOT CUBE2 version V102

Description The issue is related to an OS command injection vulnerability due to improper processing of data received from a DHCP server. This could allow an adjacent attacker to execute arbitrary OS commands on the product if a malicious DHCP server is placed on the WAN side. The vulnerability is associated with the failure to neutralize special elements used in an OS command.

Recommendations For HOME SPOT CUBE2 version V102, consider restricting access to the WAN side to minimize the risk of exploitation by a malicious DHCP server. As a temporary workaround, until a patch is available, limit the product's exposure to potentially malicious DHCP servers. At the moment, there is no information about a newer version that contains a fix for this vulnerability.