PT-2023-5847 · Unknown · Connected Io

Published

2023-08-04

Updated

2023-08-08

CVE-2023-33377

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Connected IO versions 2.1.0 and prior

Description The issue is related to the implementation of the communication protocol in the firmware of Connected IO routers, which is vulnerable to OS command injection. This allows a remote attacker to execute arbitrary OS commands on devices. The vulnerability is specifically found in the set firewall command part of the communication protocol.

Recommendations For Connected IO versions 2.1.0 and prior, update to a version that fixes the OS command injection vulnerability in the set firewall command. As a temporary workaround, consider restricting access to the set firewall command until a patch is available.

Fix

OS Command Injection

Special Elements Injection

Improper Neutralization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78CWE-74CWE-707

Related Identifiers

BDU:2023-06534

CVE-2023-33377

Affected Products

Connected Io

PT-2023-5847 · Unknown · Connected Io

CVE-2023-33377

Weakness Enumeration

Related Identifiers

Affected Products

References · 8