Name of the Vulnerable Software and Affected Versions:
Ingenico Telium 2 POS terminals, versions prior to Telium 2 SDK v9.32.03 patch N
Description:
The issue is a buffer overflow via SOCKET TASK in the NTPT3 protocol, which is used by Ingenico Telium 2 POS terminals. The buffer overflow can be exploited, but details about real-world incidents or the estimated number of potentially affected devices are not provided.
Recommendations:
Update terminals running versions prior to Telium 2 SDK v9.32.03 patch N to Telium 2 SDK v9.32.03 patch N, which resolves the issue. As a temporary workaround, consider restricting access to the SOCKET TASK in the NTPT3 protocol until the patch is applied.