PT-2023-9141 · Owlet · Owlet Cam

Alexandru Lazar +1

Published: 2023-10-23 · Updated: 2024-07-08

CVE-2023-6321

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Owlet Cam versions v1 and v2

Description
A command injection vulnerability exists in the IOCTL handler that manages OTA updates. Input passed through this IOCTL reaches a shell command without sanitisation, so a specially crafted update command is executed as the root user. An attacker who can send authenticated requests to the device can trigger the flaw, gaining remote execution of arbitrary commands and escalation to root. Valid credentials are required (CVSS Au:S); nothing else is needed to reach the vulnerable code path.

Recommendations
For Owlet Cam v1 and v2, upgrade the affected components immediately. Until the fix can be applied, restrict access to the IOCTL handler that manages OTA updates as a temporary workaround, and limit which accounts can authenticate to the device, since authenticated access is all an attacker needs to exploit the issue.
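To illustrate the bug class behind this advisory, the following is an added, constructed C example (not Owlet firmware, and not code from the advisory authors): a vulnerable handler that splices the IOCTL-supplied update path straight into a system() command line, beside a hardened version that allowlists the argument and launches the updater with execv() so that no shell ever parses it. The `/bin/ota_apply` updater binary, the `/tmp/ota/` staging directory and the injected payload string are all assumptions made for this example; the real Owlet OTA code path is not public.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/wait.h>

#define CMD_MAX 512

/* Hypothetical updater binary and staging directory (assumptions for the example). */
static const char *OTA_APPLY = "/bin/ota_apply";
static const char *OTA_DIR   = "/tmp/ota/";

/* VULNERABLE pattern: the path received from userland via the IOCTL is
 * spliced into a shell command line. Returns the exact string that
 * system() would hand to /bin/sh, so the injection is visible without
 * running anything. NULL if the command does not fit the buffer. */
const char *ota_build_shell_cmd_vuln(const char *update_path) {
    static char cmd[CMD_MAX];
    int n = snprintf(cmd, sizeof cmd, "%s %s", OTA_APPLY, update_path);
    if (n < 0 || (size_t)n >= sizeof cmd) return NULL;
    return cmd;
}

/* Allowlist check for the hardened path: the argument must be a file
 * directly under OTA_DIR, with a short name made only of [A-Za-z0-9._-]
 * and ending in ".bin". Everything else (shell metacharacters, spaces,
 * "..", extra directory components) is rejected. Returns 1 if safe. */
int ota_path_is_safe(const char *p) {
    size_t plen = strlen(OTA_DIR);
    if (p == NULL || strncmp(p, OTA_DIR, plen) != 0) return 0;
    const char *name = p + plen;
    size_t nlen = strlen(name);
    if (nlen == 0 || nlen > 64) return 0;
    for (size_t i = 0; i < nlen; i++) {
        unsigned char c = (unsigned char)name[i];
        if (!(isalnum(c) || c == '.' || c == '_' || c == '-')) return 0;
    }
    if (strstr(name, "..") != NULL) return 0;        /* no traversal tricks */
    const char *ext = ".bin";
    size_t elen = strlen(ext);
    if (nlen <= elen || strcmp(name + nlen - elen, ext) != 0) return 0;
    return 1;
}

/* HARDENED pattern: validate first, then build an argv for execv(). With
 * no shell involved, a character like ';' could only ever be part of a
 * file name, never a command separator. Returns NULL when rejected. */
const char **ota_build_argv_safe(const char *update_path) {
    static const char *argv[3];
    if (!ota_path_is_safe(update_path)) return NULL;
    argv[0] = OTA_APPLY;
    argv[1] = update_path;
    argv[2] = NULL;
    return argv;
}

/* Runs the updater via fork/execv (no shell). Returns the child's exit
 * status, or -1 if the path was rejected or the process could not start. */
int ota_apply_safe(const char *update_path) {
    const char **argv = ota_build_argv_safe(update_path);
    if (argv == NULL) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execv(argv[0], (char *const *)argv);
        _exit(127);                    /* execv only returns on failure */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    /* Constructed inputs: a benign update path and one carrying an injected command. */
    const char *benign  = "/tmp/ota/fw-2.1.bin";
    const char *hostile = "/tmp/ota/fw.bin; id > /tmp/pwned";

    printf("vulnerable handler would run: %s\n", ota_build_shell_cmd_vuln(hostile));
    printf("hardened handler accepts %s: %d\n", benign,  ota_path_is_safe(benign));
    printf("hardened handler accepts %s: %d\n", hostile, ota_path_is_safe(hostile));
    return 0;
}
```

The point of the split is that the hardened handler never asks a shell to interpret attacker data: the allowlist rejects anything that is not a plain firmware file name, and execv() receives the argument as a single argv entry, so even a value that slipped past validation could not become a second command. When the handler runs as root, as the advisory describes, this is the difference between a failed update and a root shell.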


Weakness Enumeration

OS Command Injection
Command Injection

Related Identifiers

BDU:2024-04018
CVE-2023-6321

Affected Products

Owlet Cam