CVE-2023-41109

Name of the Vulnerable Software and Affected Versions SmartNode SN200 (aka SN200) version 3.21.2-23021

Description The issue is related to the Network Diagnostic Commands function of the SmartNode SN200 analog telephone adapter's firmware, which fails to neutralize special elements used in an operating system command. This allows for unauthenticated OS Command Injection, potentially enabling a remote attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations For SmartNode SN200 version 3.21.2-23021, consider disabling the Network Diagnostic Commands function as a temporary workaround until a patch is available. Restrict access to the vulnerable function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.