OS Command Injection Vulnerability in Connected IO v2.1.0 and Prior: Arbitrary Command Execution

CVE-2023-33377 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Connected IO v2.1.0 and prior has an OS command injection vulnerability in the set firewall command, in part of its communication protocol. It enables attackers to execute arbitrary OS commands on devices.