← Back

CVE-2022-40187

nvd nist
Published: Oct 13, 2022Modified: May 15, 2025

JSON object

Loading...
8.0
Vector
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.1 / Impact: 5.9
Source: NVD

Description

Foresight GC3 Launch Monitor 1.3.15.68 ships with a Target Communication Framework (TCF) service enabled. This service listens on a TCP port on all interfaces and allows for process debugging, file system modification, and terminal access as the root user. In conjunction with a hosted wireless access point and the known passphrase of FSSPORTS, an attacker could use this service to modify a device and steal intellectual property.

Affected (2)

Foresightsports
1 product
Gc3 Launch Monitor Firmware
Bushnellgolf
1 product
Launch Pro Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Gc3 Launch Monitor Firmware
Before 1.5.0.2
Running on/withPlatform Versions
Foresightsports
Gc3 Launch Monitor
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Launch Pro Firmware
Before 1.5.0.2
Running on/withPlatform Versions
Bushnellgolf
Launch Pro
All versions

Related CWEs

CWE-276
Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.

References (8)

Source: cve@mitre.org
ExploitThird Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Product
Source: cve@mitre.org
Product
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Product
Source: af854a3a-2127-422b-91ae-364da2661108
Product

Timeline

No history available yet.