Remote Code Execution Vulnerability in AIT-Deutschland Alpha Innotec and Novelan Heatpumps

Remote Code Execution Vulnerability in AIT-Deutschland Alpha Innotec and Novelan Heatpumps

CVE-2024-22894 · MEDIUM Severity

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

An issue fixed in AIT-Deutschland Alpha Innotec Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later and Novelan Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later, allows remote attackers to execute arbitrary code via the password component in the shadow file.

Learn more about our Web Application Penetration Testing UK.