CVE-2023-33376
CRITICALConnected IO <2.1.0 - Command Injection
Title source: llmDescription
Connected IO v2.1.0 and prior has an argument injection vulnerability in its iptables command message in its communication protocol, enabling attackers to execute arbitrary OS commands on devices.
Scores
CVSS v3
9.8
EPSS
0.0009
EPSS Percentile
25.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Classification
CWE
CWE-88
Status
published
Affected Products (1)
connectedio/connected_io
< 2.1.0
Timeline
Published
Aug 04, 2023
Tracked Since
Feb 18, 2026