Copeland XWEB Pro OS Command Injection Vulnerability Allowing Remote Code Execution
Vulnerability
A command injection vulnerability has been identified in Copeland XWEB Pro versions through 1.12.1. This vulnerability allows authenticated attackers to execute arbitrary code on the system by injecting malicious input into requests directed to the restore route. The injected commands are processed during system setup, leading to remote code execution.
Impact
Exploitation of this vulnerability could result in authentication bypass, denial-of-service conditions, memory corruption, and unauthorized execution of arbitrary code on the affected system.
Remediation
Copeland has released a patch for this vulnerability. Users are advised to update XWEB Pro to the latest version available. Instructions for updating can be found on the Copeland System Software Updates page, or by accessing the update feature directly from the XWEB Pro menu, if the device has internet connectivity.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.