CVE-2023-3606

Name of the Vulnerable Software and Affected Versions TamronOS versions up to 20230703

Description A critical issue has been found, affecting an unknown part of the file "/api/ping". The manipulation of the host argument leads to os command injection, allowing remote attacks. The issue has been publicly disclosed and may be exploited. The vendor was contacted about this issue but did not respond.

Recommendations For versions up to 20230703, as a temporary workaround, consider restricting access to the "/api/ping" endpoint until a patch is available. Avoid using the host argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.