Product
An unauthenticated remote attacker can achieve critical remote code execution in X-Rite MA-T6 devices running versions prior to v2.33 due to improper input sanitization in the `SetParameter` command, allowing for OS command injection via CVE-2023-49900.