CVE-2020-17407

Name of the Vulnerable Software and Affected Versions Microhard Bullet-LTE versions prior to 1.2.0-r1112

Description This issue allows remote attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The flaw exists within the handling of authentication headers, specifically due to the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this issue to execute code in the context of root.

Recommendations For versions prior to 1.2.0-r1112, update to version 1.2.0-r1112 or later to resolve the issue. As a temporary workaround, consider restricting access to the authentication headers handling mechanism until a patch is available.