PT-2020-20436 · Post Oak · Post Oak Awam Bluetooth Field Device

Published: 2020-02-17 · Updated: 2020-02-20 · CVE-2020-9021

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Post Oak AWAM Bluetooth Field Device versions 2011.3, 7400v2.02.01.2019, 7400v2.08.21.2018, 7800SD.2012.12.5, 7800SD.2015.1.16

Description: The issue allows injection of operating system commands through timeconfig.py via shell metacharacters in the htmlNtpServer parameter.

Recommendations: For version 2011.3, consider disabling the timeconfig.py script until a patch is available. For version 7400v2.02.01.2019, restrict access to the htmlNtpServer parameter to minimize the risk of exploitation. For version 7400v2.08.21.2018, avoid using the htmlNtpServer parameter in the affected API endpoint until the issue is resolved. For version 7800SD.2012.12.5, consider temporarily removing the timeconfig.py functionality to prevent command injection. For version 7800SD.2015.1.16, restrict the use of shell metacharacters in the htmlNtpServer parameter as a temporary workaround.
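The bug class behind this entry is a request parameter reaching a shell command line. The following is an added illustration written for this page; it is not Post Oak's timeconfig.py (which is not shown here), and the command it runs (ntpdate), the function names and the sample values are assumptions. It places the vulnerable string-splicing pattern beside a hardened handler that validates htmlNtpServer as a bare hostname or IP literal and passes it to the OS as a single argv element, so no shell ever parses it.

```python
import ipaddress
import re
import subprocess

# Constructed example for CVE-2020-9021's bug class; not the vendor's code.
# Assumed: the script runs "ntpdate -u <server>"; function names are made up.

# One DNS label per RFC 1123: letters, digits, hyphens; no leading/trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def is_valid_ntp_server(value: str) -> bool:
    """Accept only a bare hostname or an IPv4/IPv6 literal; reject everything else.
    Allow-listing the shape of the value is what keeps ; | & $ ` and friends out."""
    if not value or len(value) > 253:
        return False
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        pass
    labels = value.rstrip(".").split(".")
    return all(_LABEL.match(label) for label in labels)


def build_ntp_command_vulnerable(html_ntp_server: str) -> str:
    """Vulnerable pattern: the parameter is spliced into one command string that a
    shell will parse, so any shell metacharacters in it are interpreted as syntax."""
    return "ntpdate -u " + html_ntp_server


def build_ntp_command_hardened(html_ntp_server: str) -> list:
    """Hardened pattern: validate first, then build an argv list (no shell)."""
    if not is_valid_ntp_server(html_ntp_server):
        raise ValueError("htmlNtpServer is not a valid hostname or IP address")
    return ["ntpdate", "-u", html_ntp_server]


def sync_time(html_ntp_server: str) -> int:
    """Run the hardened command and return its exit status."""
    argv = build_ntp_command_hardened(html_ntp_server)
    # shell=False (the default) with an argv list: the server name reaches the
    # OS as a single argument and is never interpreted as shell syntax.
    return subprocess.run(argv, check=False).returncode
```

Rejecting malformed input outright is deliberate: escaping or stripping metacharacters is fragile, whereas a hostname or IP allow-list combined with an argv-style exec removes the shell from the data path entirely. Detection-wise, a log of rejected htmlNtpServer values is a cheap indicator of probing against this endpoint.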

Weakness Enumeration

OS Command Injection

Related Identifiers

CVE-2020-9021

Affected Products

Post Oak Awam Bluetooth Field Device