CVE-2023-45595

Name of the Vulnerable Software and Affected Versions AiLux imx6 bundle versions prior to imx6 1.0.7-2

Description A CWE-434 “Unrestricted Upload of File with Dangerous Type” vulnerability in the “file configuration” functionality of the web application allows a remote authenticated attacker to upload any arbitrary type of file into the device.

Recommendations For AiLux imx6 bundle versions prior to imx6 1.0.7-2, update to version imx6 1.0.7-2 or later to resolve the issue. As a temporary workaround, consider restricting access to the “file configuration” functionality to minimize the risk of exploitation.