CVE-2018-15477

2018-08-3017:00:00

mitre

www.cve.org

9.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.8%

JSON

myStrom WiFi Switch V1 devices before 2.66 did not sanitize a parameter received from the cloud that was used in an OS command. Malicious servers were able to run operating system commands on the device.

References

www.swisscom.ch/content/dam/swisscom/de/about/nachhaltigkeit/digitale-schweiz/sicherheit/bug-bounty/files/cve-2018-15476ff.txt