OS Command Injection in ELTEX NTP-RG-1402G and NTP-2 Devices via TRACE Field of ping.cmd Resource

OS Command Injection in ELTEX NTP-RG-1402G and NTP-2 Devices via TRACE Field of ping.cmd Resource

CVE-2020-9027 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

ELTEX NTP-RG-1402G 1v10 3.25.3.32 devices allow OS command injection via the TRACE field of the resource ping.cmd. The NTP-2 device is also affected.

Learn more about our Web Application Penetration Testing UK.