CVE-2023-33469

Published: Aug 9, 2023Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

In instances where the screen is visible and remote mouse connection is enabled, KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 can be exploited to achieve local code execution at the root level.

Affected (2)

Products: Kramerav: Via Go2 Firmware, Via Connect2 Firmware

Kramerav

2 products

Via Go2 Firmware

Via Connect2 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Kramerav Via Go2 Firmware	Before 4.0.1.1326

Running on/with	Platform Versions
Kramerav Via Go2	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Kramerav Via Connect2 Firmware	Before 4.0.1.1326

Running on/with	Platform Versions
Kramerav Via Connect2	All versions

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (4)

http://kramerav.com

Source: cve@mitre.org

Product

https://github.com/Sharpe-nl/CVEs/tree/main/CVE-2023-33469

Source: cve@mitre.org

ExploitThird Party Advisory

http://kramerav.com

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://github.com/Sharpe-nl/CVEs/tree/main/CVE-2023-33469

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.