All news with #code injection tag

Code Injection Vulnerability in Longwatch Device Firmware

⚠️ Industrial Video & Control Longwatch versions 6.309–6.334 contain a code injection vulnerability that allows unauthenticated HTTP GET requests to execute arbitrary code, resulting in SYSTEM-level remote code execution. CISA assigns high severity (CVSS v4 9.3; CVSS v3.1 9.8) and recommends upgrading to version 6.335 or later. Reduce network exposure, isolate control networks behind firewalls, and use secure remote access methods while applying the vendor patch.