The “legal information” plugin of web-based-management contained a vulnerability which allowed execution of arbitrary commands with privileges of www user.
UPDATE A 15.06.2023 :
- Removed PFC100 with FW23 as affected product and from solution
- PFC200 with FW23 is only affected on 750-821x/xxx-xxx
- Renamed "FW22 Patch 1" to "FW22 SP1" to match the versions of the download portal