Kratosdefense Ngc Indoor Unit Firmware vulnerabilities
2 known vulnerabilities affecting kratosdefense/ngc_indoor_unit_firmware.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2
Vulnerabilities
Page 1 of 1
CVE-2023-36670P2CRITICALCVSS 9.8v9.1.0.42023-07-18
CVE-2023-36670 [CRITICAL] CWE-78 CVE-2023-36670: A remotely exploitable command injection vulnerability was found on the Kratos NGC-IDU 9.1.0.4. An a
A remotely exploitable command injection vulnerability was found on the Kratos NGC-IDU 9.1.0.4. An attacker can execute arbitrary Linux commands as root by sending crafted TCP requests to the device.
nvd
CVE-2023-36669P2CRITICALCVSS 9.8fixed in 11.42023-07-18
CVE-2023-36669 [CRITICAL] CWE-306 CVE-2023-36669: Missing Authentication for a Critical Function within the Kratos NGC Indoor Unit (IDU) before 11.4 a
Missing Authentication for a Critical Function within the Kratos NGC Indoor Unit (IDU) before 11.4 allows remote attackers to obtain arbitrary control of the IDU/ODU system. Any attacker with layer-3 network access to the IDU can impersonate the Touch Panel Unit (TPU) within the IDU by sending crafted TCP requests to the IDU.
nvd