CVE-2023-33378

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 4, 2023

Updated: Aug 8, 2023

CWE ID 88

Summary

CVE-2023-33378 is a vulnerability affecting Connected IO v2.1.0 and older versions. This issue involves an argument injection flaw in the AT command message of its communication protocol. Malicious actors can exploit this vulnerability to execute arbitrary OS commands on affected devices. Successful exploitation could result in serious consequences, such as unauthorized access or data theft. Users are strongly advised to update to the latest version of Connected IO to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sOPR-9
https://www.cve.org/CVERecord?id=CVE-2023-33378
https://nvd.nist.gov/vuln/detail/CVE-2023-33378

Back to Vulnerability Database

CVE-2023-33378

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations