PT-2023-5758 · Unknown · Connected Io
Published: 2023-08-03 · Updated: 2023-08-08 · CVE-2023-33376
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Connected IO versions 2.1.0 and prior
Description
The issue is an argument injection vulnerability in the iptables command message of the communication protocol. It enables attackers to execute arbitrary OS commands on devices: by injecting arguments into the iptables command message, a remote attacker may be able to execute arbitrary code.
Recommendations
For Connected IO versions 2.1.0 and prior, consider disabling the vulnerable communication protocol until a patch is available. Restrict access to the iptables command message to minimize the risk of exploitation. Avoid using the vulnerable protocol in production environments until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
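For reference, the general defence against this class of bug is shown below as an added example; it is not Connected IO code. The message schema (`chain`, `action`, `proto`, `source`, `dport`) and the resulting rule layout are assumptions, since the advisory does not publish the protocol's fields.

```python
import ipaddress

# Hypothetical message schema (assumption: the advisory does not publish the
# protocol's real field names or the command line the device builds).
FIELDS = {"chain", "action", "proto", "source", "dport"}
CHAINS = {"INPUT", "FORWARD", "OUTPUT"}
ACTIONS = {"ACCEPT", "DROP", "REJECT"}
PROTOS = {"tcp", "udp"}


def _pick(value, allowed, name):
    """Accept a value only if it is a string found in a fixed allowlist."""
    if not isinstance(value, str) or value not in allowed:
        raise ValueError(f"{name} not in allowlist")
    return value


def build_iptables_argv(msg):
    """Validate a firewall-rule message and return an argv list for iptables.

    Each field is checked against an allowlist or parsed into a typed value
    and re-serialised, so no string from the message reaches the command
    line unchanged. Raises ValueError on anything unexpected.
    """
    if not isinstance(msg, dict) or set(msg) != FIELDS:
        raise ValueError(f"message must contain exactly {sorted(FIELDS)}")
    chain = _pick(msg["chain"], CHAINS, "chain")
    action = _pick(msg["action"], ACTIONS, "action")
    proto = _pick(msg["proto"], PROTOS, "proto")

    if not isinstance(msg["source"], str):
        raise ValueError("source must be a string")
    # IPv4Network rejects whitespace, leading dashes and trailing tokens;
    # its failures are ValueError subclasses.
    source = ipaddress.IPv4Network(msg["source"], strict=False)

    dport = msg["dport"]
    if type(dport) is not int or not 1 <= dport <= 65535:
        raise ValueError("dport must be an integer in 1..65535")

    # One list element per argument: pass this to subprocess.run(argv) and
    # never join it into a string for a shell.
    return ["iptables", "-A", chain, "-p", proto,
            "-s", str(source), "--dport", str(dport), "-j", action]
```
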
Argument Injection
Affected Products
Connected Io