The event_pin_code_request function in the btsrv daemon (btsrv.c) in Nokia Affix 2.1.2 and 3.2.0 allows remote malicious users to execute arbitrary commands via shell metacharacters in a Bluetooth device name.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
nokia affix 2.1.2 |
||
nokia affix 3.2.0 |