CVE-2019-20348

MEDIUM

OKER G232V1 v1.03.02.20161129 - Unauthenticated OS Command Injection via UART Serial Interface

Title source: llm

Description

OKER G232V1 v1.03.02.20161129 devices provide a root terminal on a UART serial interface without proper access control. This allows attackers with physical access to interrupt the boot sequence in order to execute arbitrary commands with root privileges and conduct further attacks.

References (1)

Core References
Exploit, Third Party Advisory x_refsource_misc
https://gist.github.com/tanprathan/24cab2eb02937f86961c6380b47ce385

Scores

CVSS v3 6.8
EPSS 0.0056
EPSS Percentile 42.4%
Attack Vector PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-78
Status published
Products (1)
okerthai/g232v1_firmware 1.03.02.20161129
Published Jan 06, 2020
Tracked Since Feb 18, 2026