Vulnerabilities (CVE)

Filtered by vendor Kratosdefense Subscribe
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-36670 1 Kratosdefense 2 Ngc Indoor Unit, Ngc Indoor Unit Firmware 2024-11-21 N/A 9.8 CRITICAL
A remotely exploitable command injection vulnerability was found on the Kratos NGC-IDU 9.1.0.4. An attacker can execute arbitrary Linux commands as root by sending crafted TCP requests to the device.
CVE-2023-36669 1 Kratosdefense 2 Ngc Indoor Unit, Ngc Indoor Unit Firmware 2024-11-21 N/A 9.8 CRITICAL
Missing Authentication for a Critical Function within the Kratos NGC Indoor Unit (IDU) before 11.4 allows remote attackers to obtain arbitrary control of the IDU/ODU system. Any attacker with layer-3 network access to the IDU can impersonate the Touch Panel Unit (TPU) within the IDU by sending crafted TCP requests to the IDU.
CVE-2022-38156 1 Kratosdefense 2 Spectralnet Narrowband, Spectralnet Narrowband Firmware 2024-11-21 N/A 7.2 HIGH
A remote command injection issues exists in the web server of the Kratos SpectralNet device with SpectralNet Narrowband (NB) before 1.7.5. As an admin user, an attacker can send a crafted password in order to execute Linux commands as the root user.