CVE-2020-22007

Published: Jan 18, 2023Modified: Apr 4, 2025

6.8

Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.9 / Impact: 5.9

Source: NVD

Description

OS Command Injection vulnerability in OKER G955V1 v1.03.02.20161128, allows physical attackers to interrupt the boot sequence and execute arbitrary commands with root privileges.

Affected (1)

Products: Okerthai: G955v1 Firmware

Okerthai

1 product

G955v1 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Okerthai G955v1 Firmware	Version 1.03.02.20161128

Running on/with	Platform Versions
Okerthai G955v1	All versions

Related CWEs

CWE-862

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (6)

http://www.okerthai.com

Source: cve@mitre.org

Vendor Advisory

https://gist.github.com/tanprathan/69fbf6fbac11988e12f44069ec5b18ea#file-cve-2020-22007-txt

Source: cve@mitre.org

Third Party Advisory

https://www.dropbox.com/s/cnzwbxhxl0ahzoa/OKER_UART_2.mp4

Source: cve@mitre.org

ExploitThird Party Advisory

http://www.okerthai.com

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://gist.github.com/tanprathan/69fbf6fbac11988e12f44069ec5b18ea#file-cve-2020-22007-txt

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.dropbox.com/s/cnzwbxhxl0ahzoa/OKER_UART_2.mp4

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.