Name of the Vulnerable Software and Affected Versions Гранит-Навигатор-6.18

Description The issue is related to the use of uncontrolled format strings in the device's embedded software. An attacker can exploit this by sending a specially crafted SMS command, such as BB+GP=vuln%x, when connected to the device using the USB interface, potentially leading to a denial of service.

Recommendations For Гранит-Навигатор-6.18, consider restricting access to the device's USB interface to minimize the risk of exploitation until a patch is available. Avoid using the device's SMS command functionality with untrusted input until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.