CVE-2023-33469

In instances where the screen is visible and remote mouse connection is enabled, KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 can be exploited to achieve local code execution at the root level.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
krameravvia_go2_firmware
𝑥
< 4.0.1.1326
krameravvia_connect2_firmware
𝑥
< 4.0.1.1326
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
krameravvia_connect2
𝑥
< 4.0.1.1326
ADP
krameravvia_go2
𝑥
< 4.0.1.1326
ADP
Common Weakness Enumeration
References
http://kramerav.com
https://github.com/Sharpe-nl/CVEs/tree/main/CVE-2023-33469
http://kramerav.com
https://github.com/Sharpe-nl/CVEs/tree/main/CVE-2023-33469