?A command injection vulnerability exists in Trane XL824, XL850, XL1050, and Pivot thermostats allowing an malicious user to execute arbitrary commands as root using a specially crafted filename. The vulnerability requires physical access to the device via a USB stick.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
trane xl824_firmware |
||
trane xl850_firmware |
||
trane xl1050_firmware |
||
trane pivot_firmware |