CWE-22

• Severity: HIGH
• CVE: CWE-22
• Affected Hardware: BLU-IC2, BLU-IC4
• Firmware Version: 1.19.5
• Mitigations: NO
• Reported by: Kevin Schaller, Benjamin Lafois, Alexi Bitsios, Sebastian Toscano, Dominik Schneider
• Active exploitation of vulnerability: NO
• Description: Vulnerable Upgrade Feature (Arbitrary File Write)
• Which versions patch releases are available for: 1.20