CVE Vulnerability

CVE-2019-20348

OKER G232V1 v1.03.02.20161129 devices provide a root terminal on a UART serial interface without proper access control. This allows attackers with physical access to interrupt the boot sequence in order to execute arbitrary commands with root privileges and conduct further attacks.

7.2 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

6.8 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 5.9

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://gist.github.com/tanprathan/24cab2eb02937f86961c6380b47ce385 Exploit Third Party Advisory
Configurations

Configuration 1
Information

Published : 2020-01-06 09:15

Updated : 2020-01-15 08:09

NVD link : CVE-2019-20348

Mitre link : CVE-2019-20348

Products Affected

G232v1 Firmware

Okerthai

CWE
CWE-78