Connectedio Connected_io
7 CVEs affecting Connectedio Connected_io. Latest disclosed: 2023-08-04. Critical: 7, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-33378 | Critical | 9.8 | 2023-08-04 | Connected IO v2.1.0 and prior has an argument injection vulnerability in its AT command message in its communication protocol, enabling attackers to execute ar… |
CVE-2023-33377 | Critical | 9.8 | 2023-08-04 | Connected IO v2.1.0 and prior has an OS command injection vulnerability in the set firewall command in part of its communication protocol, enabling attackers t… |
CVE-2023-33376 | Critical | 9.8 | 2023-08-04 | Connected IO v2.1.0 and prior has an argument injection vulnerability in its iptables command message in its communication protocol, enabling attackers to exec… |
CVE-2023-33375 | Critical | 9.8 | 2023-08-04 | Connected IO v2.1.0 and prior has a stack-based buffer overflow vulnerability in its communication protocol, enabling attackers to take control over devices. |
CVE-2023-33374 | Critical | 9.8 | 2023-08-04 | Connected IO v2.1.0 and prior has a command as part of its communication protocol allowing the management platform to specify arbitrary OS commands for devices… |
CVE-2023-33373 | Critical | 9.8 | 2023-08-04 | Connected IO v2.1.0 and prior keeps passwords and credentials in clear-text format, allowing attackers to exfiltrate the credentials and use them to impersonat… |
CVE-2023-33372 | Critical | 9.8 | 2023-08-04 | Connected IO v2.1.0 and prior uses a hard-coded username/password pair embedded in their device's firmware used for device communication using MQTT. An attacke… |