CVE-2023-33378

Published: Aug 4, 2023Modified: Jun 17, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Connected IO v2.1.0 and prior has an argument injection vulnerability in its AT command message in its communication protocol, enabling attackers to execute arbitrary OS commands on devices.

Affected (1)

Products: Connectedio: Connected Io

Connectedio

1 product

Connected Io

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Connectedio Connected Io	Up to 2.1.0

Related CWEs

CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.

References (4)

https://claroty.com/team82/disclosure-dashboard/cve-2023-33378

Source: cve@mitre.org

Third Party Advisory

https://www.connectedio.com/products/routers

Source: cve@mitre.org

Product

https://claroty.com/team82/disclosure-dashboard/cve-2023-33378

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.connectedio.com/products/routers

Source: af854a3a-2127-422b-91ae-364da2661108

Product

Timeline

No history available yet.