Vulnerabilities > CVE-2020-22007 - Missing Authorization vulnerability in Okerthai G955V1 Firmware 1.03.02.20161128

CVSS 6.8 - MEDIUM

Attack vector

PHYSICAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

low complexity

okerthai

CWE-862

NVD

Published: 2023-01-18

Updated: 2023-01-25

Summary

OS Command Injection vulnerability in OKER G955V1 v1.03.02.20161128, allows physical attackers to interrupt the boot sequence and execute arbitrary commands with root privileges.

Vulnerable Configurations

Part	Description	Count
OS	Okerthai Okerthai G955V1 Firmware 1.03.02.20161128	1
Hardware	Okerthai Okerthai G955V1 -	1

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

http://www.okerthai.com
https://www.dropbox.com/s/cnzwbxhxl0ahzoa/OKER_UART_2.mp4
https://gist.github.com/tanprathan/69fbf6fbac11988e12f44069ec5b18ea#file-cve-2020-22007-txt