CVE-2014-5071

Name of the Vulnerable Software and Affected Versions Symmetricom s350i version 2.70.15

Description The issue allows remote attackers to execute arbitrary SQL commands via vectors involving a username. This is made possible by a SQL injection vulnerability in the checkPassword() function.

Recommendations For Symmetricom s350i version 2.70.15, as a temporary workaround, consider disabling the checkPassword() function until a patch is available. Restrict access to the username parameter in the affected API endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.