CVE-2020-22007 : OS Command Injection vulnerability in OKER G955V1 v1.03.02.20161128, allows phys

OS Command Injection vulnerability in OKER G955V1 v1.03.02.20161128, allows physical attackers to interrupt the boot sequence and execute arbitrary commands with root privileges.

Published 2023-01-18 13:15:12

Updated 2023-01-25 18:50:00

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2020-22007

Okerthai » G955v1 Firmware » Version: 1.03.02.20161128
cpe:2.3:o:okerthai:g955v1_firmware:1.03.02.20161128:*:*:*:*:*:*:*
Matching versions
When used together with: Okerthai » G955v1 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2020-22007

EPSS FAQ

0.25%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 46 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-22007

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.8	MEDIUM	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	0.9	5.9	NIST
Attack Vector: Physical Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2020-22007

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2020-22007

https://gist.github.com/tanprathan/69fbf6fbac11988e12f44069ec5b18ea#file-cve-2020-22007-txt

OKER UART · GitHub
Third Party Advisory
http://www.okerthai.com

Home
Vendor Advisory
https://www.dropbox.com/s/cnzwbxhxl0ahzoa/OKER_UART_2.mp4

OKER_UART_2.mp4
Exploit;Third Party Advisory

Jump to

Vulnerability Details : CVE-2020-22007

Products affected by CVE-2020-22007

Exploit prediction scoring system (EPSS) score for CVE-2020-22007

CVSS scores for CVE-2020-22007

CWE ids for CVE-2020-22007

References for CVE-2020-22007