2 matches found
CVE-2023-36622
The websocket configuration endpoint of the Loxone Miniserver Go Gen.2 before 14.1.5.9 allows remote authenticated administrators to inject arbitrary OS commands via the timezone parameter...
CVE-2023-36622
The affected product is Loxone Miniserver Go Gen.2 (prior to 14.1.5.9). The vulnerability is a command-injection flaw in the websocket configuration endpoint, where remote authenticated administrators can inject arbitrary OS commands via the timezone parameter. This impacts confidentiality, integ...