CVE-2021-37173

Name of the Vulnerable Software and Affected Versions RUGGEDCOM ROX MX5000 versions prior to V2.14.1 RUGGEDCOM ROX RX1400 versions prior to V2.14.1 RUGGEDCOM ROX RX1500 versions prior to V2.14.1 RUGGEDCOM ROX RX1501 versions prior to V2.14.1 RUGGEDCOM ROX RX1510 versions prior to V2.14.1 RUGGEDCOM ROX RX1511 versions prior to V2.14.1 RUGGEDCOM ROX RX1512 versions prior to V2.14.1 RUGGEDCOM ROX RX1524 versions prior to V2.14.1 RUGGEDCOM ROX RX1536 versions prior to V2.14.1 RUGGEDCOM ROX RX5000 versions prior to V2.14.1

Description The command line interface of affected devices insufficiently restricts file read and write operations for low-privileged users. This could allow an authenticated remote attacker to escalate privileges and gain root access to the device. The affected devices have an exposure of sensitive information vulnerability, which if exploited, could allow an authenticated attacker to extract data via Secure Shell (SSH).

Recommendations For RUGGEDCOM ROX MX5000 versions prior to V2.14.1, update to version V2.14.1 or later. For RUGGEDCOM ROX RX1400 versions prior to V2.14.1, update to version V2.14.1 or later. For RUGGEDCOM ROX RX1500 versions prior to V2.14.1, update to version V2.14.1 or later. For RUGGEDCOM ROX RX1501 versions prior to V2.14.1, update to version V2.14.1 or later. For RUGGEDCOM ROX RX1510 versions prior to V2.14.1, update to version V2.14.1 or later. For RUGGEDCOM ROX RX1511 versions prior to V2.14.1, update to version V2.14.1 or later. For RUGGEDCOM ROX RX1512 versions prior to V2.14.1, update to version V2.14.1 or later. For RUGGEDCOM ROX RX1524 versions prior to V2.14.1, update to version V2.14.1 or later. For RUGGEDCOM ROX RX1536 versions prior to V2.14.1, update to version V2.14.1 or later. For RUGGEDCOM ROX RX5000 versions prior to V2.14.1, update to version V2.14.1 or later.