Vulnerability Description
Connected IO v2.1.0 and prior has an argument injection vulnerability in its AT command message in its communication protocol, enabling attackers to execute arbitrary OS commands on devices.
CVSS Score
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Connectedio | Connected Io | <= 2.1.0 |
Related Weaknesses (CWE)
References
- https://claroty.com/team82/disclosure-dashboard/cve-2023-33378Third Party Advisory
- https://www.connectedio.com/products/routersProduct
- https://claroty.com/team82/disclosure-dashboard/cve-2023-33378Third Party Advisory
- https://www.connectedio.com/products/routersProduct
FAQ
What is CVE-2023-33378?
CVE-2023-33378 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Connected IO v2.1.0 and prior has an argument injection vulnerability in its AT command message in its communication protocol, enabling attackers to execute arbitrary OS commands on devices.
How severe is CVE-2023-33378?
CVE-2023-33378 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-33378?
Check the references section above for vendor advisories and patch information. Affected products include: Connectedio Connected Io.