CVE-2020-22007
MEDIUMOKER G955V1 v1.03.02.20161128 - OS Command Injection via Boot Sequence Interruption
Title source: llmDescription
OS Command Injection vulnerability in OKER G955V1 v1.03.02.20161128, allows physical attackers to interrupt the boot sequence and execute arbitrary commands with root privileges.
References (3)
Core 3
Core References
Vendor Advisory
http://www.okerthai.com
Exploit, Third Party Advisory
https://www.dropbox.com/s/cnzwbxhxl0ahzoa/OKER_UART_2.mp4
Scores
CVSS v3
6.8
EPSS
0.0225
EPSS Percentile
80.8%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-862
Status
published
Products (1)
okerthai/g955v1_firmware
1.03.02.20161128
Published
Jan 18, 2023
Tracked Since
Feb 18, 2026