PT-2022-1906 · Ge · Ge Reason Rt431+2

Tom Westenberg

Published

2022-03-18

Updated

2022-03-28

CVE-2020-25197

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions GE Reason RT430, RT431, and RT434 GNSS clocks versions prior to 08A06

Description The issue is related to a code injection vulnerability. This vulnerability could allow a remote attacker to execute arbitrary code on the system. The vulnerability exists in one of the webpages of the affected devices.

Recommendations For GE Reason RT430, RT431, and RT434 GNSS clocks versions prior to 08A06, update the firmware to version 08A06 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable webpage to minimize the risk of exploitation.

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

BDU:2022-01442

CVE-2020-25197

Affected Products

Ge Reason Rt430

Ge Reason Rt431

Ge Reason Rt434

PT-2022-1906 · Ge · Ge Reason Rt431+2

CVE-2020-25197

Weakness Enumeration

Related Identifiers

Affected Products

References · 6