A command injection vulnerability exists in the IOCTL that manages OTA updates. A specially crafted command can lead to command execution as the root user. An attacker can make authenticated requests to trigger this vulnerability.
References
Link | Resource |
---|---|
https://bitdefender.com/blog/labs/notes-on-throughtek-kalay-vulnerabilities-and-their-impact/ | Exploit Third Party Advisory |
https://bitdefender.com/blog/labs/notes-on-throughtek-kalay-vulnerabilities-and-their-impact/ | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
|
History
11 Feb 2025, 21:32
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:h:owletcare:cam_2:-:*:*:*:*:*:*:* cpe:2.3:o:owletcare:cam_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:owletcare:cam_2_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:owletcare:cam:-:*:*:*:*:*:*:* cpe:2.3:a:throughtek:kalay_platform:-:*:*:*:*:*:*:* |
|
References | () https://bitdefender.com/blog/labs/notes-on-throughtek-kalay-vulnerabilities-and-their-impact/ - Exploit, Third Party Advisory | |
CWE | CWE-77 | |
First Time |
Throughtek kalay Platform
Owletcare cam Throughtek Owletcare cam Firmware Owletcare cam 2 Firmware Owletcare cam 2 Owletcare |
21 Nov 2024, 08:43
Type | Values Removed | Values Added |
---|---|---|
References | () https://bitdefender.com/blog/labs/notes-on-throughtek-kalay-vulnerabilities-and-their-impact/ - |
15 May 2024, 16:40
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-05-15 13:15
Updated : 2025-02-11 21:32
NVD link : CVE-2023-6321
Mitre link : CVE-2023-6321
CVE.ORG link : CVE-2023-6321
JSON object : View
Products Affected
owletcare
- cam_2_firmware
- cam
- cam_firmware
- cam_2
throughtek
- kalay_platform