PT-2009-2875 · Garmin · Garmin Communicator Plug-In

Published

2009-05-11

Updated

2018-10-11

CVE-2009-0194

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Garmin Communicator Plug-In version 2.6.4.0

Description The issue concerns the domain-locking implementation in the Garmin Communicator Plug-In, which fails to properly enforce restrictions on download and upload requests. This allows remote attackers to obtain sensitive information or reconfigure Garmin GPS devices via unspecified vectors related to a "synchronisation error."

Recommendations For Garmin Communicator Plug-In version 2.6.4.0, consider restricting access to the npGarmin.dll file to minimize the risk of exploitation until a patch is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2009-0194

Affected Products

Garmin Communicator Plug-In

PT-2009-2875 · Garmin · Garmin Communicator Plug-In

CVE-2009-0194

Weakness Enumeration

Related Identifiers

Affected Products

References · 8