PT-2020-10392 · Oker · Oker G232V1
Prathan Phongthiproek · Published 2020-01-06 · Updated 2020-01-15
CVE-2019-20348
CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
OKER G232V1 version 1.03.02.20161129
Description
The issue allows attackers with physical access to execute arbitrary commands with root privileges by interrupting the boot sequence on a UART serial interface, due to a lack of proper access control.
Recommendations
For OKER G232V1 version 1.03.02.20161129, consider restricting physical access to the device to minimize the risk of exploitation, and apply proper access control to the root terminal on the UART serial interface.
OS Command Injection
Affected Products
Oker G232V1