A security vulnerability has been added to the Known Exploited Vulnerabilities (KEV) catalog by the U.S. Cybersecurity and Infrastructure Security Agency. The vulnerability, known as CVE-2023-52163, is related to a command injection case that permits remote code execution after authentication.

An attacker must be logged into the device and execute a crafted request in order for the exploitation to be successful. It is recommended that users change the default username and password and refrain from exposing the device to the internet in the absence of a patch. Additionally, CISA advises Federal Civilian Executive Branch (FCEB) agencies to either stop using the product by January 12, 2025, or implement the required mitigations.