CVE-2023-33377

Published: Aug 4, 2023Modified: Jun 17, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Connected IO v2.1.0 and prior has an OS command injection vulnerability in the set firewall command in part of its communication protocol, enabling attackers to execute arbitrary OS commands on devices.

Affected (1)

Products: Connectedio: Connected Io

Connectedio

1 product

Connected Io

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Connectedio Connected Io	Up to 2.1.0

Related CWEs

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (4)

https://claroty.com/team82/disclosure-dashboard/cve-2023-33377

Source: cve@mitre.org

Third Party Advisory

https://www.connectedio.com/products/routers

Source: cve@mitre.org

Product

https://claroty.com/team82/disclosure-dashboard/cve-2023-33377

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.connectedio.com/products/routers

Source: af854a3a-2127-422b-91ae-364da2661108

Product

Timeline

No history available yet.