CVE-2020-9021

Post Oak AWAM Bluetooth Field Device 7400v2.08.21.2018, 7800SD.2015.1.16, 2011.3, 7400v2.02.01.2019, and 7800SD.2012.12.5 is vulnerable to injections of operating system commands through timeconfig.py via shell metacharacters in the htmlNtpServer parameter.
References
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:postoaktraffic:awam_bluetooth_field_device_firmware:2011.3:*:*:*:*:*:*:*
cpe:2.3:o:postoaktraffic:awam_bluetooth_field_device_firmware:7400v2.02.01.2019:*:*:*:*:*:*:*
cpe:2.3:o:postoaktraffic:awam_bluetooth_field_device_firmware:7400v2.08.21.2018:*:*:*:*:*:*:*
cpe:2.3:o:postoaktraffic:awam_bluetooth_field_device_firmware:7800sd.2012.12.5:*:*:*:*:*:*:*
cpe:2.3:o:postoaktraffic:awam_bluetooth_field_device_firmware:7800sd.2015.1.16:*:*:*:*:*:*:*
cpe:2.3:h:postoaktraffic:awam_bluetooth_field_device:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-02-17 04:15

Updated : 2024-02-28 17:28


NVD link : CVE-2020-9021

Mitre link : CVE-2020-9021

CVE.ORG link : CVE-2020-9021


JSON object : View

Products Affected

postoaktraffic

  • awam_bluetooth_field_device
  • awam_bluetooth_field_device_firmware
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')