Command Injection Vulnerability in myStrom WiFi Switch V1 Devices

Command Injection Vulnerability in myStrom WiFi Switch V1 Devices

CVE-2018-15477 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

myStrom WiFi Switch V1 devices before 2.66 did not sanitize a parameter received from the cloud that was used in an OS command. Malicious servers were able to run operating system commands on the device.

Learn more about our Cis Benchmark Audit For Server Software.