Name of the Vulnerable Software and Affected Versions Гранит-Навигатор-6.18

Description The issue is related to the use of uncontrolled format strings in the device's embedded software. An attacker can exploit this to cause a denial of service by sending a specially crafted command, such as can rcv can teseo 2%n%n%n%n%n%n%n, when connected to the device using a UART converter, which involves putting the device into terminal mode cli.

Recommendations For Гранит-Навигатор-6.18, consider restricting access to the UART interface to minimize the risk of exploitation until a patch is available. Avoid using specially crafted commands that could trigger the denial of service.