OS Command Injection in ELTEX NTP-RG-1402G and NTP-2 Devices via TRACE Field of ping.cmd Resource
CVE-2020-9027 · CRITICAL Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ELTEX NTP-RG-1402G 1v10 3.25.3.32 devices allow OS command injection via the TRACE field of the resource ping.cmd. The NTP-2 device is also affected.
Learn more about our Web Application Penetration Testing UK.