Code injection

2024-01-3010:15:00

PRIOn knowledge base

www.prio-n.com

code injection

ait-deutschland

novelan heatpumps

remote attackers

arbitrary code

password component

shadow file

security vulnerability

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.2%

JSON

An issue fixed in AIT-Deutschland Alpha Innotec Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later and Novelan Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later, allows remote attackers to execute arbitrary code via the password component in the shadow file.

CPENameOperatorVersion
heat_pumps_firmwarelt2.88.3
heat_pumps_firmwarege3.0.0
heat_pumps_firmwarelt3.89.0
heat_pumps_firmwarege4.0.0
heat_pumps_firmwarelt4.81.3
heat_pumps_firmwarelt2.88.3
heat_pumps_firmwarege3.0.0
heat_pumps_firmwarelt3.89.0
heat_pumps_firmwarege4.0.0
heat_pumps_firmwarelt4.81.3

Name	Operator	Version
heat_pumps_firmware	lt	2.88.3
heat_pumps_firmware	ge	3.0.0
heat_pumps_firmware	lt	3.89.0
heat_pumps_firmware	ge	4.0.0
heat_pumps_firmware	lt	4.81.3
heat_pumps_firmware	lt	2.88.3
heat_pumps_firmware	ge	3.0.0
heat_pumps_firmware	lt	3.89.0
heat_pumps_firmware	ge	4.0.0
heat_pumps_firmware	lt	4.81.3