That is exactly what we did and we found a vulnerability where Gcode is not handled correctly. The exploit allows more capabilities than what can be achieved with Gcode commands. My question is: How to fix this? Just a pull request against the GitHub repo? It might be useful to coordinate it with a release, so that affected, worried users could install the patch in a timely manner.
by user1001 - Firmware - Marlin
Of course it is not network enabled. But it will parse and handle GCode, which can be malicious. With control over the firmware, a lot of nasty things can be done: e.g.
by user1001 - Firmware - Marlin
Dear Marlin Community, As the issue tracking of the Marlin Firmware is public GitHub issues, I did not want to disclose a vulnerability of the firmware directly there. Can someone please point me to a maintainer or responsible person with whom I could discuss further steps about the disclosure? Thank you in advance. Best, Felix
by user1001 - Firmware - Marlin