CVE-2020-9021

Post Oak AWAM Bluetooth Field Device 7400v2.08.21.2018, 7800SD.2015.1.16, 2011.3, 7400v2.02.01.2019, and 7800SD.2012.12.5 is vulnerable to injections of operating system commands through timeconfig.py via shell metacharacters in the htmlNtpServer parameter.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:postoaktraffic:awam_bluetooth_field_device_firmware:2011.3:*:*:*:*:*:*:*
cpe:2.3:o:postoaktraffic:awam_bluetooth_field_device_firmware:7400v2.02.01.2019:*:*:*:*:*:*:*
cpe:2.3:o:postoaktraffic:awam_bluetooth_field_device_firmware:7400v2.08.21.2018:*:*:*:*:*:*:*
cpe:2.3:o:postoaktraffic:awam_bluetooth_field_device_firmware:7800sd.2012.12.5:*:*:*:*:*:*:*
cpe:2.3:o:postoaktraffic:awam_bluetooth_field_device_firmware:7800sd.2015.1.16:*:*:*:*:*:*:*
cpe:2.3:h:postoaktraffic:awam_bluetooth_field_device:-:*:*:*:*:*:*:*

History

21 Nov 2024, 05:39

Type Values Removed Values Added
References () https://sku11army.blogspot.com/2020/01/post-oak-traffic-systems-awam-bluetooth.html - Exploit, Third Party Advisory () https://sku11army.blogspot.com/2020/01/post-oak-traffic-systems-awam-bluetooth.html - Exploit, Third Party Advisory

Information

Published : 2020-02-17 04:15

Updated : 2024-11-21 05:39


NVD link : CVE-2020-9021

Mitre link : CVE-2020-9021

CVE.ORG link : CVE-2020-9021


JSON object : View

Products Affected

postoaktraffic

  • awam_bluetooth_field_device_firmware
  • awam_bluetooth_field_device
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')