PT-2022-8710 · Ge · Ge Reason Rt431+2
Tom Westenberg
·
Published
2022-03-18
·
Updated
2022-10-21
·
CVE-2020-25193
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
GE Reason RT430, RT431 & RT434 GNSS clocks versions prior to 08A06
Description
The issue allows attackers to intercept and decrypt encrypted traffic through an HTTPS connection by having access to the hard-coded cryptographic key. This could potentially compromise the security of the data being transmitted.
Recommendations
For GE Reason RT430, RT431 & RT434 GNSS clocks versions prior to 08A06, update the firmware to version 08A06 or later to resolve the issue. As a temporary workaround, consider restricting access to the HTTPS connection to minimize the risk of exploitation.
Fix
Using Hardcoded Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Ge Reason Rt430
Ge Reason Rt431
Ge Reason Rt434