CVE-2020-9021
CRITICAL
Post Oak AWAM Bluetooth Field Device Firmware - OS Command Injection via timeconfig.py htmlNtpServer Parameter
Title source: llmDescription
Post Oak AWAM Bluetooth Field Device 7400v2.08.21.2018, 7800SD.2015.1.16, 2011.3, 7400v2.02.01.2019, and 7800SD.2012.12.5 is vulnerable to injections of operating system commands through timeconfig.py via shell metacharacters in the htmlNtpServer parameter.
References (1)
Core References
Exploit, Third Party Advisory x_refsource_misc
https://sku11army.blogspot.com/2020/01/post-oak-traffic-systems-awam-bluetooth.html
Scores
CVSS v3: 9.8
EPSS: 0.0209
EPSS Percentile: 79.3%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-78
Status: published
Products (5)
postoaktraffic/awam_bluetooth_field_device_firmware 2011.3
postoaktraffic/awam_bluetooth_field_device_firmware 7400v2.02.01.2019
postoaktraffic/awam_bluetooth_field_device_firmware 7400v2.08.21.2018
postoaktraffic/awam_bluetooth_field_device_firmware 7800sd.2012.12.5
postoaktraffic/awam_bluetooth_field_device_firmware 7800sd.2015.1.16
Published: Feb 17, 2020
Tracked Since: Feb 18, 2026