CVE-2020-5648

Name of the Vulnerable Software and Affected Versions GOT 1000 series GT1455-QTBDE CoreOS versions 05.65.00.BD and earlier GOT 1000 series GT1450-QMBDE CoreOS versions 05.65.00.BD and earlier GOT 1000 series GT1450-QLBDE CoreOS versions 05.65.00.BD and earlier GOT 1000 series GT1455HS-QTBDE CoreOS versions 05.65.00.BD and earlier GOT 1000 series GT1450HS-QMBDE CoreOS versions 05.65.00.BD and earlier

Description The issue is related to improper neutralization of argument delimiters in a command, also known as 'Argument Injection', in the TCP/IP function included in the firmware of the GT14 Model of GOT 1000 series. This allows unauthenticated attackers on an adjacent network to stop the network functions of the products via a specially crafted packet.

Recommendations For GOT 1000 series GT1455-QTBDE CoreOS versions 05.65.00.BD and earlier, update to a version later than 05.65.00.BD. For GOT 1000 series GT1450-QMBDE CoreOS versions 05.65.00.BD and earlier, update to a version later than 05.65.00.BD. For GOT 1000 series GT1450-QLBDE CoreOS versions 05.65.00.BD and earlier, update to a version later than 05.65.00.BD. For GOT 1000 series GT1455HS-QTBDE CoreOS versions 05.65.00.BD and earlier, update to a version later than 05.65.00.BD. For GOT 1000 series GT1450HS-QMBDE CoreOS versions 05.65.00.BD and earlier, update to a version later than 05.65.00.BD. As a temporary workaround, consider restricting access to the TCP/IP function to minimize the risk of exploitation.