CVE-2018-15477

CRITICAL

myStrom WiFi Switch V1 < 2.66 - OS Command Injection via Cloud Parameter

Title source: llm
STIX 2.1

Description

myStrom WiFi Switch V1 devices before 2.66 did not sanitize a parameter received from the cloud that was used in an OS command. Malicious servers were able to run operating system commands on the device.

Scores

CVSS v3 9.8
EPSS 0.0159
EPSS Percentile 72.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-78
Status published
Products (1)
mystrom/wifi_switch_firmware < 2.66
Published Aug 30, 2018
Tracked Since Feb 18, 2026