PT-2023-5846 · Unknown · Connected Io

Published

2023-08-04

Updated

2023-08-08

CVE-2023-33378

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Connected IO versions 2.1.0 and prior

Description The issue is related to an argument injection vulnerability in the AT command message of the communication protocol, allowing attackers to execute arbitrary OS commands on devices. This vulnerability can be exploited remotely, enabling an attacker to inject arguments into the command message and potentially execute arbitrary code.

Recommendations For Connected IO versions 2.1.0 and prior, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

OS Command Injection

Argument Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78CWE-88

Related Identifiers

BDU:2023-06533

CVE-2023-33378

Affected Products

Connected Io

PT-2023-5846 · Unknown · Connected Io

CVE-2023-33378

Weakness Enumeration

Related Identifiers

Affected Products

References · 8