CVE-2023-4212

MEDIUM Year: 2023
CVSS v3 Score
6.8
Medium
Weakness Type
CWE-74
View all →

Vulnerability Description

​A command injection vulnerability exists in Trane XL824, XL850, XL1050, and Pivot thermostats allowing an attacker to execute arbitrary commands as root using a specially crafted filename. The vulnerability requires physical access to the device via a USB stick.

Related Vulnerabilities

CVE-2017-18754

MEDIUM
CVSS:6.8(Medium)

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects WNDR3700v4 before 1.0.2.88, WNDR4300v1 before 1.0.2.90, and WNR2000v5 before 1.0.0.58.

CWE-742017

CVE-2017-18767

MEDIUM
CVSS:6.8(Medium)

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.34, D8500 before 1.0.3.39, R6400 before 1.0.1.14, R6400v2 before 1.0.2.32, R6700 bef...

CWE-742017

CVE-2018-21112

MEDIUM
CVSS:6.8(Medium)

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.44, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R8900 before 1.0.4.12, and R9000...

CWE-742018

CVE-2018-21114

MEDIUM
CVSS:6.8(Medium)

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.44, EX6150v2 before 1.0.1.70, EX6100v2 before 1.0.1.70, EX6200v2 before 1.0.1.64, EX...

CWE-742018

CVE-2018-21119

MEDIUM
CVSS:6.8(Medium)

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects WAC505 before 5.0.5.4 and WAC510 before 5.0.5.4.

CWE-742018

CVE-2018-21146

MEDIUM
CVSS:6.8(Medium)

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.34, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR4300v2 ...

CWE-742018