Argument Injection Vulnerability in Connected IO v2.1.0 and Prior: Arbitrary OS Command Execution

Argument Injection Vulnerability in Connected IO v2.1.0 and Prior: Arbitrary OS Command Execution

CVE-2023-33376 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Connected IO v2.1.0 and prior has an argument injection vulnerability in its iptables command message in its communication protocol, enabling attackers to execute arbitrary OS commands on devices.

Learn more about our Web Application Penetration Testing UK.