[SYSS-2023-019] SmartNode SN200 – Unauthenticated OS Command Injection

Read Time:24 Second

Posted by Maurizio Ruchay via Fulldisclosure on Nov 27

Advisory ID: SYSS-2023-019
Product: SmartNode SN200 Analog Telephone Adapter (ATA) & VoIP Gateway
Manufacturer: Patton LLC
Affected Version(s): <= 3.21.2-23021
Tested Version(s): 2.21.1-22041, 3.21.2-23021, 3.22.0-23083
Vulnerability Type: OS Command Injection (CWE-78)
Vulnerability Type: Improper Access Control (CWE-284)
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2023-07-05
Public Disclosure: 2023-08-28
CVE…

Read More