CVE-2020-9027

Name of the Vulnerable Software and Affected Versions ELTEX NTP-RG-1402G 1v10 version 3.25.3.32 ELTEX NTP-2 (affected versions not specified)

Description The issue allows OS command injection via the TRACE field of the resource "ping.cmd". This means an attacker could potentially execute system commands on the device, posing a significant security risk.

Recommendations For ELTEX NTP-RG-1402G 1v10 version 3.25.3.32, consider restricting access to the "ping.cmd" resource to minimize the risk of exploitation. For ELTEX NTP-2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.