CVE-2023-33374 – CVE-2023-33374 allows remote attackers to execu... (How to Fix)

Q: What is the severity of CVE-2023-33374?

CVE-2023-33374 has a CVSS score of 9.8 (CRITICAL). CVE-2023-33374 allows remote attackers to execute arbitrary operating system commands on Connected IO devices by abusing a management protocol feature. This vulnerability affects Connected IO v2.1.0 and earlier versions, enabling complete device compromise. Organizations using these IoT routers for industrial or commercial connectivity are at risk.

📋 TL;DR

CVE-2023-33374 allows remote attackers to execute arbitrary operating system commands on Connected IO devices by abusing a management protocol feature. This vulnerability affects Connected IO v2.1.0 and earlier versions, enabling complete device compromise. Organizations using these IoT routers for industrial or commercial connectivity are at risk.

💻 Affected Systems

Products:

Connected IO industrial routers and IoT gateways

Versions: v2.1.0 and prior

Operating Systems: Embedded Linux-based firmware

Default Config Vulnerable: ⚠️ Yes

Notes: All devices running affected firmware versions are vulnerable regardless of configuration.

📦 What is this software?

Connected Io by Connectedio

View all CVEs affecting Connected Io →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device takeover allowing attackers to install persistent backdoors, exfiltrate sensitive data, pivot to internal networks, or render devices inoperable.

🟠

Likely Case

Attackers gain full control of vulnerable devices to intercept network traffic, deploy malware, or use devices as botnet nodes.

🟢

If Mitigated

With proper network segmentation and access controls, impact limited to isolated device compromise without network pivot.

🌐 Internet-Facing: HIGH - Devices exposed to internet are directly exploitable without authentication.

🏢 Internal Only: MEDIUM - Requires internal network access but still exploitable without authentication once accessed.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires knowledge of the management protocol but no authentication. No public exploit code available as of analysis.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v2.2.0 or later

Vendor Advisory: https://www.connectedio.com/security-advisories

Restart Required: Yes

Instructions:

1. Contact Connected IO support for firmware update 2. Download latest firmware from vendor portal 3. Upload firmware to device management interface 4. Apply update and restart device 5. Verify version shows v2.2.0 or higher

🔧 Temporary Workarounds

Network Segmentation

all

Isolate Connected IO devices in separate VLAN with strict firewall rules

Access Control Lists

linux

Restrict management interface access to trusted IP addresses only

iptables -A INPUT -p tcp --dport [management-port] -s [trusted-ip] -j ACCEPT
iptables -A INPUT -p tcp --dport [management-port] -j DROP

🧯 If You Can't Patch

Deploy network-based intrusion prevention systems to detect and block exploitation attempts
Implement strict outbound filtering to prevent data exfiltration from compromised devices

🔍 How to Verify

Check if Vulnerable:

Check device firmware version via management interface or SSH if enabled. Versions 2.1.0 or lower are vulnerable.

Check Version:

ssh admin@device-ip 'cat /etc/version' or check via web interface at http://device-ip/status

Verify Fix Applied:

Confirm firmware version shows 2.2.0 or higher in device management interface.

📡 Detection & Monitoring

Log Indicators:

Unusual command execution patterns in device logs
Multiple failed authentication attempts followed by successful command execution
Unexpected system process creation

Network Indicators:

Unusual outbound connections from IoT devices
Traffic to unexpected destinations on non-standard ports
Protocol anomalies in management traffic

SIEM Query:

source="connected-io-devices" AND (event_type="command_execution" OR process_name="sh" OR process_name="bash")

📊 Metadata

CVE ID: CVE-2023-33374

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-78

Published: August 4, 2023

Last Updated: November 21, 2024

🔗 References

https://claroty.com/team82/disclosure-dashboard/cve-2023-33374 Third Party Advisory
https://www.connectedio.com/products/routers Product
https://claroty.com/team82/disclosure-dashboard/cve-2023-33374 Third Party Advisory
https://www.connectedio.com/products/routers Product

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-33374, you might also want to check these: