cbcvebase.
CVE-2020-25197
published 2022-03-18

CVE-2020-25197: A code injection vulnerability exists in one of the webpages in GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06 that…

PriorityP356high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
2.98%
85.6th percentile
A code injection vulnerability exists in one of the webpages in GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06 that could allow an authenticated remote attacker to execute arbitrary code on the system.

Affected

4 ranges
VendorProductVersion rangeFixed in
gereason_rt43x_clocks>= unspecified < 08A0608A06
gert430_firmware< 08a0608a06
gert431_firmware< 08a0608a06
gert434_firmware< 08a0608a06

CVSS provenance

nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.09.0CRITICALAV:N/AC:L/Au:S/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.